In September 2024, threat intelligence experts from the Positive Technologies Security Expert Center (PT ESC) discovered an email sent to a governmental organization belonging to a CIS country. Timestamps indicate that the email was sent back in June 2024. The email appeared to be a message without text, containing only an attached document.
However, the email client didn’t show the attachment. The body of the email contained distinctive tags with the statement eval(atob(…)), which decode and execute JavaScript code:
Read more…
Source: Positive Technologies
Related:
- London Hackney Council hit by ‘serious cyber attack’
October 13, 2020
Due to enormous amount of interest and following numerous requests from Cyber Security Review readers, Hackney Council says it has been hit by a “serious cyber attack”, which is affecting many of its services and IT systems. The council says it is working with the UK’s National Cyber Security Centre (NCSC) and the Ministry of Housing ...
- Software AG Data Released After Clop Ransomware Strike – Report
October 13, 2020
Clop and the group’s signature malware has struck again — this time hitting a giant target in the form of German software conglomerate Software AG. The company isn’t paying a mammoth $23 million ransom (so far), and over the weekend it confirmed that the crooks were releasing company data, according to reports. The Clop ransomware cybercriminals ...
- Cybercriminals Gamble With Victims’ Livelihoods To Pass the Covid-19 Blues
October 12, 2020
In the Trend Micro 2020 midyear security report, we discussed how the Covid-19 global pandemic affected the cybersecurity industry. However, the pandemic didn’t just change the way businesses (and subsequently, their employees) operate; the nature of certain criminal activities have also changed in this time of isolation. Interestingly, some of this involves what we might call ...
- Court orders seizure of ransomware botnet controls as U.S. election nears
October 12, 2020
Microsoft said Monday it had used a court order to take control of computers that were installing ransomware and other malicious software on local government networks and threatening to disrupt the November election. The maker of the Windows operating system said it seized a series of internet protocol addresses hosted by U.S. companies that had been ...
- Hacker groups chain VPN and Windows bugs to attack US government networks
October 12, 2020
Hackers have gained access to government networks by combining VPN and Windows bugs, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) said in a joint security alert published on Friday. Attacks have targeted federal and state, local, tribal, and territorial (SLTT) government networks. Attacks against non-government networks have also been ...
- Metasploit Shellcodes Attack Exposed Docker APIs
October 12, 2020
We have discussed the importance of keeping Docker APIs secure in previous articles, as leaving them exposed can give cybercriminals unfettered access to the host with root privileges. This access can lead to distributed denial of service (DDoS) attacks, remote code execution (RCE), and unauthorized cryptocurrency mining activity. We recently observed an interesting payload deployment using ...