In September 2024, threat intelligence experts from the Positive Technologies Security Expert Center (PT ESC) discovered an email sent to a governmental organization belonging to a CIS country. Timestamps indicate that the email was sent back in June 2024. The email appeared to be a message without text, containing only an attached document.
However, the email client didn’t show the attachment. The body of the email contained distinctive tags with the statement eval(atob(…)), which decode and execute JavaScript code:
Read more…
Source: Positive Technologies
Related:
- Security company warns of Mitsubishi industrial control vulnerabilities
August 5, 2021
Cybersecurity company Nozomi Networks Labs has warned the industrial control system (ICS) security community about 5 vulnerabilities affecting Mitsubishi safety PLCs. In a new report, the company said Mitsubishi acknowledged the issues — which are focused on the authentication implementation of the MELSOFT communication protocol — after they were discovered at the end of 2020. The Japanese ...
- How Social Norms Can Be Exploited by Scammers on Social Media
August 5, 2021
Social media platforms are excellent hunting grounds for scammers. This is where we connect with our friends or people who we have something in common with. This is precisely what scammers exploit—our connections and the trust that is afforded between friends or acquaintances. From an early age, we are taught to be kind and compassionate as ...
- The Next Disruptive ICS Attacker: A Disgruntled Insider?
August 4, 2021
Often, the most critical threats come from within an organization itself. This is true for all sectors, but it is especially true for industrial control systems (ICS). Technicians in these environments already have access to plant controls and may have the deep knowledge of industrial processes needed to achieve specific goals. The damage caused by ...
- Ransomware attack hits Italy’s Lazio region, affects COVID-19 site
August 4, 2021
The Lazio region in Italy has suffered a reported ransomware attack that has disabled the region’s IT systems, including the COVID-19 vaccination registration portal. Early Sunday morning, the Lazio region suffered a ransomware attack that encrypted every file in its data center and disrupted its IT network. “The attack blocked almost every file in the data center. ...
- ‘DeadRinger’ Targeted Exchange Servers Long Before Discovery
August 4, 2021
Threat actors linked to China exploited the notorious Microsoft Exchange ProxyLogon vulnerabilities long before they were publicly disclosed, in attacks against telecommunications companies aimed at stealing sensitive customer data and maintaining network persistence, researchers have found. Researchers from Cybereason have been tracking multiple cyberespionage campaigns – collectively dubbed “DeadRinger” – since 2017, reporting initially on findings ...
- The Pentagon says its new AI can see events ‘days in advance’
August 4, 2021
The US military is testing the use of cutting-edge data gathering tools combined with artificial intelligence to predict enemies’ next moves with up to days of advance. Speaking at a press conference, the commander of the US Northern Command (NORTHCOM) Glen VanHerck revealed that trials have been on-going to improve the military’s use of data when ...