In September 2024, threat intelligence experts from the Positive Technologies Security Expert Center (PT ESC) discovered an email sent to a governmental organization belonging to a CIS country. Timestamps indicate that the email was sent back in June 2024. The email appeared to be a message without text, containing only an attached document.
However, the email client didn’t show the attachment. The body of the email contained distinctive tags with the statement eval(atob(…)), which decode and execute JavaScript code:
Read more…
Source: Positive Technologies
Related:
- Apple Patches Bugs Tied to Previously Identified Zero-Days
November 6, 2020
Apple has patched three previously identified zero-day vulnerabilities in its iPhone, iPod and iPad devices potentially related to a spate of related flaws recently discovered by the Google Project Zero team that also affect Google Chrome and Windows. Apple this week released iOS 14.2 and iPadOS 14.2, which patch a total of 24 vulnerabilities—including the three ...
- Operation North Star: Behind The Scenes
November 5, 2020
It is rare to be provided an inside view on how major cyber espionage campaigns are conducted within the digital realm. The only transparency afforded is a limited view of victims, a malware sample, and perhaps the IP addresses of historical command and control (C2) infrastructure. The Operation North Star campaign we detailed earlier this year ...
- Italian beverage vendor Campari knocked offline after ransomware attack
November 5, 2020
Campari Group, the famed Italian beverage vendor behind brands like Campari, Cinzano, and Appleton, has been hit by a ransomware attack and has taken down a large part of its IT network. The attack took place last Sunday, on November 1, and has been linked to the RagnarLocker ransomware gang, according to a copy of the ...
- Brazil’s court system under massive RansomExx ransomware attack
November 5, 2020
Brazil’s Superior Court of Justice was hit by a ransomware attack on Tuesday during judgment sessions that were taking place over video conference. “The Superior Court of Justice (STJ) announces that the court’s information technology network suffered a hacker attack on Tuesday (3), during the afternoon, when the six group classes’ judgment sessions took place,” STJ ...
- Cisco Zero-Day in AnyConnect Secure Mobility Client Remains Unpatched
November 5, 2020
Cisco has disclosed a zero-day vulnerability – for which there is not yet a patch – in the Windows, macOS and Linux versions of its AnyConnect Secure Mobility Client Software. While Cisco said it is not aware of any exploits in the wild for the vulnerability, it said Proof-of-Concept (PoC) exploit code has been released, opening ...
- Attacks on industrial enterprises using RMS and TeamViewer: new data
November 5, 2020
In summer 2019, Kaspersky ICS CERT identified a new wave of phishing emails containing various malicious attachments. The emails target companies and organizations from different sectors of the economy that are associated with industrial production in one way or another. We reported these attacks in 2018 in an article entitled “Attacks on industrial enterprises using RMS ...