In September 2024, threat intelligence experts from the Positive Technologies Security Expert Center (PT ESC) discovered an email sent to a governmental organization belonging to a CIS country. Timestamps indicate that the email was sent back in June 2024. The email appeared to be a message without text, containing only an attached document.
However, the email client didn’t show the attachment. The body of the email contained distinctive tags with the statement eval(atob(…)), which decode and execute JavaScript code:
Read more…
Source: Positive Technologies
Related:
- Tropic Trooper’s Back: USBferry Attack Targets Air-gapped Environments
May 12, 2020
Tropic Trooper, a threat actor group that targets government, military, healthcare, transportation, and high-tech industries in Taiwan, the Philippines, and Hong Kong, has been active since 2011. The group was reportedly using spear-phishing emails with weaponized attachments to exploit known vulnerabilities. Primarily motivated by information theft and espionage, the group has also been seen adopting different strategies such ...
- COVID-19 Themed Malware Within Cloud Environments
May 11, 2020
Unit 42 researchers found that public cloud infrastructure has communicated with domains known to distribute COVID-19 themed malware. On March 24, 2020, Unit 42 published a blog discussing attack patterns used by malicious actors in relation to the novel Coronavirus (COVID-19). Taking these findings a step further, researchers attempted to uncover if there are malicious COVID-19 related ...
- Updated BackConfig Malware Targeting Government and Military Organizations in South Asia
May 11, 2020
Unit 42 has observed activity over the last 4 months involving the BackConfig malware used by the Hangover threat group (aka Neon, Viceroy Tiger, MONSOON). Targets of the spear-phishing attacks, using local and topical lures, included government and military organizations in South Asia. The BackConfig custom trojan has a flexible plug-in architecture for components offering various features, including ...
- Threats and Consequences A Security Analysis of Smart Manufacturing Systems
May 11, 2020
In the era of Industry 4.0, there has been increasing adoption of smart manufacturing technologies by organizations looking to improve their manufacturing efficiency. While this has provided plenty of benefits, such as enhanced productivity at lower costs, it has also introduced new attack vectors that can be exploited by threat actors looking to gain a foothold ...
- Zeus Sphinx revamped as coronavirus relief payment attack wave continues
May 11, 2020
The Zeus Sphinx banking Trojan is now receiving frequent updates and upgrades to its malicious arsenal while being deployed in active coronavirus scams. On Monday, IBM Security researcher Nir Shwarts said the company has been tracking the evolution of the malware which is based on the leaked codebase of the well-known Zeus v.2 Trojan. Zeus Sphinx — also referred ...
- Thunderbolt flaws affect millions of computers – even locking unattended devices won’t help
May 11, 2020
A Dutch researcher has detailed nine attack scenarios that work against all computers with Thunderbolt shipped since 2011 and which allow an attacker with physical access to quickly steal data from encrypted drives and memory. Researcher Björn Ruytenberg detailed the so-called Thunderspy attacks in a report published on Sunday, warning that the attacks work even when users ...