In September 2024, threat intelligence experts from the Positive Technologies Security Expert Center (PT ESC) discovered an email sent to a governmental organization belonging to a CIS country. Timestamps indicate that the email was sent back in June 2024. The email appeared to be a message without text, containing only an attached document.
However, the email client didn’t show the attachment. The body of the email contained distinctive tags with the statement eval(atob(…)), which decode and execute JavaScript code:
Read more…
Source: Positive Technologies
Related:
- Iran struggles to relaunch petrol stations after cyber attack
October 27, 2021
Iran struggled Wednesday to restart its petrol distribution system after it was hit by an unprecedented cyber-attack which security officials said was launched from abroad. The unclaimed attack crippled the country’s system of government-issued electronic cards which motorists use to purchase heavily subsidised fuel. Long queues have formed outside petrol stations, angering motorists in a country already ...
- FBI: Ranzy Locker ransomware hit at least 30 US companies this year
October 26, 2021
The FBI said on Monday that Ranzy Locker ransomware operators had compromised at least 30 US companies this year from various industry sectors. “Unknown cyber criminals using Ranzy Locker ransomware had compromised more than 30 US businesses as of July 2021,” the FBI said in a TLP: WHITE flash alert. “The victims include the construction subsector of ...
- What To Expect in a Ransomware Negotiation
October 26, 2021
We all know the risk of a ransomware attack. Headlines of the latest victims might haunt the dreams of chief information security officers (CISOs) and security operations centers (SOCs) due to the multi-extortion models used by modern ransomware groups. We wanted to get a better understanding of what victims go through during the aftermath and recovery ...
- Money launderers for Russian hacking groups arrested in Ukraine
October 26, 2021
The Ukrainian cybercrime police force has arrested members of a group of money launderers and hackers at the request of U.S. intelligence services. In a press release by Ukraine’s SSU, law enforcement says the individuals engaged in large-scale international operations where they laundered tens of millions of USD for various hacking groups. To engage with their “clients,” ...
- Kaspersky APT trends report Q3 2021
October 26, 2021
The SolarWinds incident reported last December stood out because of the extreme carefulness of the attackers and the high-profile nature of their victims. The evidence suggests that the threat actor behind the attack, DarkHalo (aka Nobelium), had spent six months inside OrionIT’s networks to perfect their attack. In June, more than six months after DarkHalo had ...
- Almost 100 Organizations in Brazil Targeted with Banking Trojan
October 26, 2021
Up to 100 organizations in Brazil have been targeted with a banking Trojan since approximately late August 2021, with the most recent activity seen in early October. This campaign appears to be a continuation of activity that was published about by researchers at ESET in 2020. The attackers appeared to be undeterred by exposure and Symantec, ...