In September 2024, threat intelligence experts from the Positive Technologies Security Expert Center (PT ESC) discovered an email sent to a governmental organization belonging to a CIS country. Timestamps indicate that the email was sent back in June 2024. The email appeared to be a message without text, containing only an attached document.
However, the email client didn’t show the attachment. The body of the email contained distinctive tags with the statement eval(atob(…)), which decode and execute JavaScript code:
Read more…
Source: Positive Technologies
Related:
- Silver Sparrow Malware Found Nesting on 30K Macs
February 19, 2021
Hard on the heels of a macOS adware being recompiled to target Apple’s new in-house processor, researchers have discovered a brand-new family of malware targeting the platform. Curiously, in the samples seen so far by analysts at Red Canary, the malware (dubbed Silver Sparrow) has been executing on victim machines with the final payload yet to ...
- Malformed URL Prefix Phishing Attacks Spike 6,000%
February 19, 2021
Researchers from GreatHorn report they have observed a nearly 6,000-percent jump in attacks using “malformed URL prefixes” to evade protections and deliver phishing emails that look legit. They look legit, that is, unless you look closely at the symbols used in the prefix before the URL. “The URLs are malformed, not utilizing the normal URL protocols, ...
- Gauging LoRaWAN Communication Security with LoraPWN
February 19, 2021
LoRaWAN technology allows organizations to deploy the internet of things solutions at a much lower cost than existing cellular infrastructure solutions. Because of this, enterprises and smart cities around the world have started using LoRaWAN in their operations. As mentioned in the first article of this series, LoRaWAN technology has been used in infrastructure management, ...
- Industrial Remote Access: Why It’s Not Something to Fear
February 18, 2021
Increased uptime? Check. Better access to outside expertise? Check. Improved first-time-fix rate? Check. These are just some of the benefits of industrial remote access. Yet many customers are reluctant to embrace remote access. Not only that, but incidents such as the breach at the Oldsmar water utility might increase organizations’ reluctance to use remote access. Using Oldsmar ...
- Shining a Light on SolarCity: Practical Exploitation of the X2e IoT Device
February 17, 2021
In 2019, Mandiant’s Red Team discovered a series of vulnerabilities present within Digi International’s ConnectPort X2e device, which allows for remote code execution as a privileged user. Specifically, Mandiant’s research focused on SolarCity’s (now owned by Tesla) rebranded ConnectPort X2e device, which is used in residential solar installations. Mandiant performs this type of work both ...
- Manufacturing Cybersecurity Case Studies
February 17, 2021
Manufacturing is a large industry that plays an important role in the world economy and is closely linked to our daily lives. They produce a variety of products, such as automobiles and semiconductors, industrial equipment, steel, oil, cement, food and pharmaceuticals. Each company has a different environment and different cybersecurity challenges. Trend Micro classifies their ...