In September 2024, threat intelligence experts from the Positive Technologies Security Expert Center (PT ESC) discovered an email sent to a governmental organization belonging to a CIS country. Timestamps indicate that the email was sent back in June 2024. The email appeared to be a message without text, containing only an attached document.
However, the email client didn’t show the attachment. The body of the email contained distinctive tags with the statement eval(atob(…)), which decode and execute JavaScript code:
Read more…
Source: Positive Technologies
Related:
- Office 365 Cyberattack Lands Disgruntled IT Contractor in Jail
March 23, 2021
A former IT contractor has been sentenced to two years in prison after hacking into a company’s server and deleting the majority of its employees’ Microsoft Office 365 (O365) accounts. The incident resulted in the company completely shutting down for two days. The 32-year-old contractor, Deepanshu Kher, was initially employed by an unnamed IT consulting firm ...
- UK colleges and unis urged to prepare for ransomware before it’s too late
March 23, 2021
Britain’s National Cyber Security Centre (NCSC) has urged universities, schools, and colleges to be vigilant following an increase in ransomware attacks targeting educational institutions. “While operational details cannot be disclosed, the NCSC has dealt with a significant increase in the number of attacks since late February, when establishments were preparing to welcome students back to the ...
- Microsoft Exchange servers now targeted by Black Kingdom ransomware
March 22, 2021
Another ransomware operation known as ‘Black Kingdom’ is exploiting the Microsoft Exchange Server ProxyLogon vulnerabilities to encrypt servers. Over the weekend, security researcher Marcus Hutchins, aka MalwareTechBlog, tweeted that a threat actor was compromising Microsoft Exchange servers via the ProxyLogon vulnerabilities to deploy ransomware. Based on the logs from his honeypots, Hutchins states that the threat actor ...
- China takes aim at ‘spying’ Tesla cars, bans military staff use
March 22, 2021
Elon Musk has said Tesla would be “shut down” if accusations that the firm’s cars could be used for spying purposes were true. Last week, the Wall Street Journal reported that the Chinese government has restricted the use of Tesla vehicles in military and key, state-owned company settings. Military and government staff are reportedly not permitted to ...
- Hacking group used 11 zero-days to attack Windows, iOS, Android users
March 20, 2021
Project Zero, Google’s zero-day bug-hunting team, discovered a group of hackers that used 11 zero-days in attacks targeting Windows, iOS, and Android users within a single year. The Project Zero team revealed that the hacking group behind these attacks ran two separate campaigns, in February and October 2020. This month’s report showcases the use of seven zero-days ...
- Computer giant Acer hit by $50 million ransomware attack
March 19, 2021
Computer giant Acer has been hit by a REvil ransomware attack where the threat actors are demanding the largest known ransom to date, $50,000,000. Acer is a Taiwanese electronics and computer maker well-known for laptops, desktops, and monitors. Acer employs approximately 7,000 employees and earned $7.8 billion in 2019. Yesterday, the ransomware gang announced on their data ...