In September 2024, threat intelligence experts from the Positive Technologies Security Expert Center (PT ESC) discovered an email sent to a governmental organization belonging to a CIS country. Timestamps indicate that the email was sent back in June 2024. The email appeared to be a message without text, containing only an attached document.
However, the email client didn’t show the attachment. The body of the email contained distinctive tags with the statement eval(atob(…)), which decode and execute JavaScript code:
Read more…
Source: Positive Technologies
Related:
- How to confuse antimalware neural networks. Adversarial attacks and protection
June 23, 2021
Nowadays, cybersecurity companies implement a variety of methods to discover new, previously unknown malware files. Machine learning (ML) is a powerful and widely used approach for this task. At Kaspersky we have a number of complex ML models based on different file features, including models for static and dynamic detection, for processing sandbox logs and ...
- NukeSped Copies Fileless Code From Bundlore, Leaves It Unused
June 22, 2021
While investigating samples of NukeSped, a remote access trojan (RAT), Trend Micro came across several Bundlore adware samples using the same fileless routine that was spotted in NukeSped. The backdoor has been attributed to the cybercriminal group Lazarus, which has been active since at least 2014. There are multiple variants of NukeSped, which is designed ...
- Ever101 ransomware payment traced to a sensual massage site
June 22, 2021
A ransomware targeting an Israeli company has led researchers to track a portion of a ransom payment to a website promoting sensual massages. The attack was conducted by a more recent ransomware operation known as Ever101 who compromised an Israeli computer farm and proceeded to encrypt its devices. Read more… Source: Bleeping Computer
- Email Bug Allows Message Snooping, Credential Theft
June 22, 2021
Researchers warn hackers can snoop on email messages by exploiting a bug in the underlying technology used by the majority of email servers that run the Internet Message Access Protocol, commonly referred to as IMAP. The bug, first reported in August 2020 and patched Monday, is tied to the email server software Dovecot, used by ...
- North Korean Kimsuky hacking group allegedly behind breach of South Korean nuclear institute
June 21, 2021
A North Korean hacking group with a history of high-profile attacks against South Korea allegedly breached the network of South Korea’s state-run nuclear research institute last month. Representative Ha Tae-keung of the People Power Party, South Korea’s main opposition party, claimed 13 unauthorised IP addresses accessed the internal network of Korea Atomic Energy Research Institute (KAERI) ...
- Conti Ransomware Gang: An Overview
June 18, 2021
Conti ransomware stands out as one of the most ruthless of the dozens of ransomware gangs that we follow. The group has spent more than a year attacking organizations where IT outages can have life-threatening consequences: hospitals, 911 dispatch carriers, emergency medical services and law enforcement agencies. Ireland has yet to recover from an attack ...