In September 2024, threat intelligence experts from the Positive Technologies Security Expert Center (PT ESC) discovered an email sent to a governmental organization belonging to a CIS country. Timestamps indicate that the email was sent back in June 2024. The email appeared to be a message without text, containing only an attached document.
However, the email client didn’t show the attachment. The body of the email contained distinctive tags with the statement eval(atob(…)), which decode and execute JavaScript code:
Read more…
Source: Positive Technologies
Related:
- TeamTNT Targets Kubernetes, Nearly 50,000 IPs Compromised in Worm-like Attack
May 25, 2021
Kubernetes is the most widely adopted container orchestration platform for automating the deployment, scaling, and management of containerized applications. Unfortunately, like any widely used application, it makes for an attractive target for threat actors as they are often misconfigured, especially those running primarily in cloud environments with access to nearly infinite resources. This article will ...
- Russian to be deported after foiled Tesla ransomware plot
May 24, 2021
A Russian man was sentenced Monday to what amounted to time already served in U.S. government custody and will be deported after pleading guilty to trying to pay a Tesla employee $500,000 to install computer malware at the company’s Nevada electric battery plant in a bid to steal company secrets for ransom. Egor Igorevich Kriuchkov, appearing ...
- North Korean hackers behind CryptoCore multi-million dollar heists
May 24, 2021
Security researchers piecing together evidence from multiple attacks on cryptocurrency exchanges, attributed to a threat actor they named CryptoCore have established a strong connection to the North Korean state-sponsored group Lazarus. The group is believed to have stolen hundreds of millions of U.S. dollars by breaching cryptocurrency exchanges in the U.S., Israel, Europe, and Japan over ...
- Bluetooth flaws allow attackers to impersonate legitimate devices
May 24, 2021
Attackers could abuse vulnerabilities discovered in the Bluetooth Core and Mesh Profile specifications to impersonate legitimate devices during the pairing process and launch man-in-the-middle (MitM) attacks. The Bluetooth Core and Mesh Profile specifications define requirements needed by Bluetooth devices to communicate with each other and for Bluetooth devices using low energy wireless technology to enable interoperable ...
- Zeppelin ransomware comes back to life with updated versions
May 24, 2021
The developers of Zeppelin ransomware have resumed their activity after a period of relative silence that started last Fall and started to advertise new versions of the malware. A recent variant of the malware became available on a hacker forum at the end of last month, offering cybercriminals in the ransomware business complete independence. Zeppelin ransomware is ...
- Apple patches macOS flaw exploited by malware to secretly snap screenshots
May 24, 2021
Apple has patched a hole in macOS that has been exploited by malware to secretly take screenshots on victims’ Macs. The security flaw can also be potentially abused to access files and record video and audio from the computer. The iGiant has also released iOS and iPadOS 14.6, which fixes 43 CVE-listed security flaws and adding ...