In September 2024, threat intelligence experts from the Positive Technologies Security Expert Center (PT ESC) discovered an email sent to a governmental organization belonging to a CIS country. Timestamps indicate that the email was sent back in June 2024. The email appeared to be a message without text, containing only an attached document.
However, the email client didn’t show the attachment. The body of the email contained distinctive tags with the statement eval(atob(…)), which decode and execute JavaScript code:
Read more…
Source: Positive Technologies
Related:
- HPE discloses critical zero-day in server management software
December 16, 2020
Hewlett Packard Enterprise (HPE) has disclosed a zero-day bug in the latest versions of its proprietary HPE Systems Insight Manager (SIM) software for Windows and Linux. While security updates are not yet available for this remote code execution (RCE) vulnerability, HPE has provided Windows mitigation info and is working on addressing the zero-day. Zero-days are publicly disclosed ...
- Firefox Patches Critical Mystery Bug, Also Impacting Google Chrome
December 15, 2020
A Mozilla Foundation update to the Firefox web browser, released Tuesday, tackles one critical vulnerability and a handful of high-severity bugs. The update, released as Firefox version 84, is also billed by Mozilla as boosting the browser’s performance and adding native support for macOS hardware running on its own Apple processors. In total, six high-severity flaws ...
- Gitpaste-12 Worm Widens Set of Exploits in New Attacks
December 15, 2020
The Gitpaste-12 worm has returned in new attacks targeting web applications, IP cameras and routers, this time with an expanded set of exploits for initially compromising devices. First discovered in a round of late-October attacks that targeted Linux-based servers and internet-of-things (IoT) devices, the botnet utilizes GitHub and Pastebin for housing malicious component code, has at ...
- Agent Tesla Keylogger Gets Data Theft and Targeting Update
December 15, 2020
Six-year-old keylogger malware called Agent Tesla has been updated again, this time with expanded targeting and improved data exfiltration features. Agent Tesla first came into the scene in 2014, specializing in keylogging (designed to record keystrokes made by a user in order to exfiltrate data like credentials and more) and data-stealing. Since then keylogger has only ...
- Using MITRE ATT&CK to Identify an APT Attack
December 15, 2020
Security teams and researchers depend on publicly documented analyses of tools, routines, and behaviors to update themselves on the latest findings in the cybersecurity landscape. Published information serves as a reference for the known tactics, techniques, and procedures (TTPs) to install defenses against advance persistent threats (APTs) and prevent attacks that are likely to occur ...
- Threat Brief: SolarStorm and SUNBURST Customer Coverage
December 14, 2020
On Sunday, Dec. 13, FireEye released information related to a breach and data exfiltration originating from an unknown actor FireEye is calling UNC2452. Unit 42 tracks this and related activity as the group named SolarStorm, and has published an ATOM containing the observed techniques, IOCs and relevant courses of action in the Unit 42 ATOM ...