In September 2024, threat intelligence experts from the Positive Technologies Security Expert Center (PT ESC) discovered an email sent to a governmental organization belonging to a CIS country. Timestamps indicate that the email was sent back in June 2024. The email appeared to be a message without text, containing only an attached document.
However, the email client didn’t show the attachment. The body of the email contained distinctive tags with the statement eval(atob(…)), which decode and execute JavaScript code:
Read more…
Source: Positive Technologies
Related:
- US seizes $6 million from REvil ransomware, arrest Kaseya hacker
November 8, 2021
The United States Department of Justice today has announced charges against a REvil ransomware affiliate responsible for the attack against the Kaseya MSP platform on July 2nd and seizing more than $6 million from another REvil partner. The suspect is 22-year old Ukrainian national Yaroslav Vasinskyi, arrested for cybercriminal activity on October 8 at the behest ...
- DDoS attacks in Q3 2021
November 8, 2021
Q3 2021 brought two new DDoS attack vectors, potentially posing a serious threat, including for major web resources. A team of researchers from the University of Maryland and the University of Colorado Boulder found a way to spoof the victim’s IP address over TCP. To date, amplification attacks have mostly been carried out using the ...
- REvil ransomware affiliates arrested in Romania and Kuwait
November 8, 2021
Romanian law enforcement authorities have arrested two suspects believed to be Sodinokibi/REvil ransomware affiliates on November 4, both of them allegedly responsible for infecting thousands of victims. DIICOT (the Romanian Directorate for Investigating Organized Crime and Terrorism) and judicial police officers carried out four home searches in Constanța, seizing mobile devices (laptops, mobile phones) and storage ...
- Targeted Attack Campaign Against ManageEngine ADSelfService Plus Delivers Godzilla Webshells, NGLite Trojan and KdcSponge Stealer
November 7, 2021
On Sept. 16, 2021, the US Cybersecurity and Infrastructure Security Agency (CISA) released an alert warning that advanced persistent threat (APT) actors were actively exploiting newly identified vulnerabilities in a self-service password management and single sign-on solution known as ManageEngine ADSelfService Plus. The alert explained that malicious actors were observed deploying a specific webshell and ...
- Cloudflare report highlights devastating DDoS attacks on VoIP services and several ‘record-setting HTTP attacks’
November 5, 2021
Cloudflare released its Q3 DDoS Attack Trends report this week, capping a record-setting quarter that saw a number of devastating attacks on VoIP services. Cloudflare researchers said they saw the several “record-setting HTTP DDoS attacks, terabit-strong network-layer attacks and one of the largest botnets ever deployed (Meris),” noting the emergence of ransom DDoS attacks on voice ...
- BrakTooth Proof of Concept Tool Demonstrates Bluetooth Vulnerabilities
November 4, 2021
On November 1, 2021, researchers publicly released a BrakTooth proof-of-concept (PoC) tool to test Bluetooth-enabled devices against potential Bluetooth exploits using the researcher’s software tools. BrakTooth—originally disclosed in August 2021—is a family of security vulnerabilities in commercial Bluetooth stacks. An attacker could exploit BrakTooth vulnerabilities to cause a range of effects from denial-of-service to arbitrary ...