In September 2024, threat intelligence experts from the Positive Technologies Security Expert Center (PT ESC) discovered an email sent to a governmental organization belonging to a CIS country. Timestamps indicate that the email was sent back in June 2024. The email appeared to be a message without text, containing only an attached document.
However, the email client didn’t show the attachment. The body of the email contained distinctive tags with the statement eval(atob(…)), which decode and execute JavaScript code:
Read more…
Source: Positive Technologies
Related:
- WhatsApp chief claims government officials among 1,400 WhatsApp users targeted in 2019 attack
July 24, 2021
Senior government officials around the world – including individuals in high national security positions who are “allies of the US” – were targeted by governments with NSO Group spyware in a 2019 attack against 1,400 WhatsApp users, according to the messaging app’s chief executive. Will Cathcart disclosed the new details about individuals who were targeted in ...
- New PetitPotam attack allows take over of Windows domains
July 23, 2021
A new NTLM relay attack called PetitPotam has been discovered that allows threat actors to take over a domain controller, and thus an entire Windows domain. Many organizations utilize Microsoft Active Directory Certificate Services, which is a public key infrastructure (PKI) server that can be used to authenticate users, services, and machines on a Windows domain. Read ...
- FIN7’s Liquor Lure Compromises Law Firm with Backdoor
July 23, 2021
Financial cybercrime gang FIN7 has rebounded after the jailing of some key members, launching a campaign that uses as a lure a legal complaint involving the liquor company that owns Jack Daniels whiskey. The gambit successfully compromised at least one law firm, giving them a shot of the JSSLoader remote-access trojan (RAT), researchers said. According to ...
- Even after Emotet takedown, Office docs deliver 43% of all malware downloads now
July 23, 2021
Malware delivered over the cloud increased by 68% in Q2, according to data from cybersecurity firm Netskope. The company released the fifth edition of its Cloud and Threat Report that covers the cloud data risks, threats and trends they see throughout the quarter. The report noted that cloud storage apps account for more than 66% of cloud ...
- Gun owners’ fears after Guntrader.uk data breach
July 23, 2021
Thousands of names and addresses belonging to UK customers of a leading website for buying and selling shotguns and rifles have been published to the dark web following a “security breach”. Guntrader.uk told the BBC it learned of the breach on Monday and had notified the Information Commissioner’s Office. Police, including the National Crime Agency, are investigating. Read ...
- Updated XCSSET Malware Targets Telegram, Other Apps
July 22, 2021
In the last update on the XCSSET campaign, security researchers at Trend Micro updated some of its features targeting latest macOS 11 (Big Sur). Since then, the campaign added more features to its toolset, which we have continually monitored. We have also discovered the mechanism used to steal information from various apps, a behavior that ...