In September 2024, threat intelligence experts from the Positive Technologies Security Expert Center (PT ESC) discovered an email sent to a governmental organization belonging to a CIS country. Timestamps indicate that the email was sent back in June 2024. The email appeared to be a message without text, containing only an attached document.
However, the email client didn’t show the attachment. The body of the email contained distinctive tags with the statement eval(atob(…)), which decode and execute JavaScript code:
Read more…
Source: Positive Technologies
Related:
- PyMICROPSIA: New Information-Stealing Trojan from AridViper
December 14, 2020
Unit 42 researchers have been tracking the threat group AridViper, which has been targeting the Middle Eastern region. As part of this research, a new information-stealing Trojan with relations to the MICROPSIA malware family has been identified, showing that the actor maintains a very active development profile, creating new implants that seek to bypass the ...
- Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor
December 13, 2020
Executive Summary We have discovered a global intrusion campaign. We are tracking the actors behind this campaign as UNC2452. FireEye discovered a supply chain attack trojanizing SolarWinds Orion business software updates in order to distribute malware we call SUNBURST. The attacker’s post compromise activity leverages multiple techniques to evade detection and obscure their activity, but these efforts also ...
- Suspected Russian hackers spied on U.S. Treasury emails – sources
December 13, 2020
Hackers believed to be working for Russia have been monitoring internal email traffic at the U.S. Treasury and Commerce departments, according to people familiar with the matter, adding they feared the hacks uncovered so far may be the tip of the iceberg. The hack is so serious it led to a National Security Council meeting at ...
- Intel’s Habana Labs hacked by Pay2Key ransomware, data stolen
December 13, 2020
Intel-owned AI processor developer Habana Labs has suffered a cyberattack where data was stolen and leaked by threat actors. Habana Labs is an Israeli developer of AI processors that accelerate artificial intelligence workloads in the datacenter. Intel purchased the company in December 2019 for approximately $2 billion. Today, the Pay2Key ransomware operation leaked data allegedly stolen from ...
- Subway marketing system hacked to send TrickBot malware emails
December 12, 2020
Subway UK has disclosed that a hacked system used for marketing campaigns is responsible for the malware-laden phishing emails sent to customers yesterday. Starting yesterday, Subway UK customers received strange emails from ‘Subcard’ about a Subway order that was placed. Included in the email were links to documents allegedly containing confirmation of the order. After analyzing these ...
- Facebook doxes APT32, links Vietnam’s primary hacking group to local IT firm
December 11, 2020
In a surprising and unexpected announcement on Thursday, the Facebook security team has revealed the real identity of APT32, one of today’s most active state-sponsored hacking group, believed to be linked to the Vietnamese government. The company said it took this step after it detected APT32 using its platform to spread malware in attempts to infect ...