In September 2024, threat intelligence experts from the Positive Technologies Security Expert Center (PT ESC) discovered an email sent to a governmental organization belonging to a CIS country. Timestamps indicate that the email was sent back in June 2024. The email appeared to be a message without text, containing only an attached document.
However, the email client didn’t show the attachment. The body of the email contained distinctive tags with the statement eval(atob(…)), which decode and execute JavaScript code:
Read more…
Source: Positive Technologies
Related:
- Egregor ransomware members arrested by Ukrainian, French police
February 14, 2021
A joint operation between French and Ukrainian law enforcement has reportedly led to the arrests of several members of the Egregor ransomware operation in Ukraine. As reported first by France Inter, on Tuesday, law enforcement made the arrests after French authorities could trace ransom payments to individuals located in Ukraine. The arrested individuals are thought to be ...
- Leading Canadian rental car company hit by DarkSide ransomware
February 13, 2021
Canadian Discount Car and Truck Rentals has been hit with a DarkSide ransomware attack where the hackers claim to have stolen 120GB of data. Discount Car and Truck Rentals is a leading Canadian car and truck rental company with 300 locations throughout Canada. Enterprise Holdings’ Canadian subsidiary acquired the company in 2020. This month, the car rental ...
- mHealth Apps Expose Millions to Cyberattacks
February 12, 2021
Some 23 million mobile health (mHealth) application users are exposed to application programming interface (API) attacks that could expose sensitive information, according to researchers. Generally speaking, APIs are an intermediary between applications that defines how they can talk to one another and allowing them to swap information. Researcher Alissa Knight with Approov tried to break into ...
- Copycat researchers imitate supply chain attack that hit tech giants
February 12, 2021
This week, over 150 new packages have been published to the npm open-source repository named after private components being internally used by major companies. These npm packages are identical to the proof-of-concept packages created by Alex Birsan, the researcher who had recently managed to infiltrate over major 35 tech firms and walk away with over six-figures ...
- Yandex said it caught an employee selling access to users’ inboxes
February 12, 2021
Russian search engine and email provider Yandex said today that it caught one of its employees selling access to user email accounts for personal gains. The company, which did not disclose the employee’s name, said the person was “one of three system administrators with the necessary access rights to provide technical support” for its Yandex.Mail service. The ...
- Singtel, QIMR Berghofer report Accellion-related data breaches
February 11, 2021
Singtel and the QIMR Berghofer Medical Research Institute are the latest companies to disclose data breaches caused by a vulnerability in the Accellion FTA secure file transfer software. Accellion is a developer of secure file transfer products that allow organizations to transfer sensitive files with people outside of their organization. In mid-December, Accellion announced that they became ...