In September 2024, threat intelligence experts from the Positive Technologies Security Expert Center (PT ESC) discovered an email sent to a governmental organization belonging to a CIS country. Timestamps indicate that the email was sent back in June 2024. The email appeared to be a message without text, containing only an attached document.
However, the email client didn’t show the attachment. The body of the email contained distinctive tags with the statement eval(atob(…)), which decode and execute JavaScript code:
Read more…
Source: Positive Technologies
Related:
- Hackers used never-before-seen wiper in recent attack on Iranian train system
July 29, 2021
Researchers with cybersecurity company SentinelOne reconstructed the recent cyberattack on Iran’s train system in a new report, uncovering a new threat actor — which they named ‘MeteorExpresss’ — and a never-before-seen wiper. On July 9, local news outlets began reporting on a cyberattack targeting the Iranian train system, with hackers defacing display screens in train stations ...
- Iran’s secret cyber files on how cargo ships and petrol stations could be attacked
July 29, 2021
Classified documents, allegedly from Iran, reveal secret research into how a cyber attack could be used to sink a cargo ship or blow up a fuel pump at a petrol station. The internal files, obtained by Sky News, also include information on satellite communication devices used by the global shipping industry as well as a computer-based ...
- Phishing Attacks Often Target Small Businesses – Here’s What to Watch for
July 29, 2021
Scammers target businesses with phishing emails all the time, pretending to be legitimate customers or vendors asking for payment. While any company can be vulnerable to this type of attack, small- to medium-size companies are particularly vulnerable because it is easier for a scammer to do a bit of research online and identify the right ...
- APT trends report Q2 2021
July 29, 2021
Investigating the recent Microsoft Exchange vulnerabilities Kaspersky and their colleagues from AMR found an attacker deploying a previously unknown backdoor, “FourteenHi”, in a campaign that we dubbed ExCone, active since mid-March. During our investigation we revealed multiple tools and variants of FourteenHi, configured with infrastructure that FireEye reported as being related to the UNC2643 activity ...
- Risks in Telecommunications IT
July 29, 2021
Telecommunications is just one aspect of a 200-year-old field of research in IT. In our latest report, “Islands of Telecoms: Risks in IT,” we liken this field to what seems to be separate islands that are in fact connected by a larger landmass underneath an ocean of IT. Indeed, the features of telecommunications might seem ...
- Haron and BlackMatter are the latest groups to crash the ransomware party
July 28, 2021
July has so far ushered in at least two new ransomware groups. Or maybe they’re old ones undergoing a rebranding. Researchers are in the process of running down several different theories. Both groups say they are aiming for big-game targets, meaning corporations or other large businesses with the pockets to pay ransoms in the millions of ...