In September 2024, threat intelligence experts from the Positive Technologies Security Expert Center (PT ESC) discovered an email sent to a governmental organization belonging to a CIS country. Timestamps indicate that the email was sent back in June 2024. The email appeared to be a message without text, containing only an attached document.
However, the email client didn’t show the attachment. The body of the email contained distinctive tags with the statement eval(atob(…)), which decode and execute JavaScript code:
Read more…
Source: Positive Technologies
Related:
- TA551 Shifts Tactics to Install Sliver Red-Teaming Tool
October 21, 2021
The criminal threat group known as TA551 has added the Sliver red-teaming tool to its bag of tracks – a move that may signal ramped up ransomware attacks ahead, researchers said. According to Proofpoint researchers, TA551 (aka Shathak) has been mounting cyberattacks that start with email thread hijacking – an increasingly popular tactic in which adversaries ...
- Evil Corp demands $40 million in new Macaw ransomware attacks
October 21, 2021
Evil Corp has launched a new ransomware called Macaw Locker to evade US sanctions that prevent victims from making ransom payments. The Evil Corp hacking group, also known Indrik Spider and the Dridex gang, has been involved in cybercrime activities since 2007, but mostly as affiliates to other organizations. Over time, the group began focusing on their ...
- Why is Cybersecurity Failing Against Ransomware?
October 21, 2021
Hardly a week goes by without another major company falling victim to a ransomware attack. Nate Warfield, CTO at Prevailion, discusses the immense challenges in changing that status quo. Yes, security is hard – no one is ever 100 percent safe from the threats lurking out there. But how is it that time and time again, ...
- Russian-speaking cybercrime evolution: What changed from 2016 to 2021
October 20, 2021
Experts at Kaspersky have been investigating various computer incidents on a daily basis for over a decade. Having been in the field for so long, we have witnessed some major changes in the cybercrime world’s modus operandi. This report shares our insights into the Russian-speaking cybercrime world and the changes in how it operates that ...
- New espionage campaign targets South East Asia
October 20, 2021
An espionage campaign using a previously undocumented toolset has targeted a range of organizations in South East Asia. Among the identified targets are organizations in the defense, healthcare, and information and communications technology (ICT) sectors. The campaign appears to have begun in September 2020 and ran at least until May 2021. The toolset used by the ...
- TA505 Gang Is Back With Newly Polished FlawedGrace RAT
October 19, 2021
The TA505 cybercrime group is whirring its financial rip-off machinery back up, pelting malware at a range of industries in what was initially low-volume waves that researchers saw spiral up late last month. They do bad things, but they’re so tricky that tracking them is a ton of fun, said Sherrod DeGrippo, vice president, Threat Research ...