In September 2024, threat intelligence experts from the Positive Technologies Security Expert Center (PT ESC) discovered an email sent to a governmental organization belonging to a CIS country. Timestamps indicate that the email was sent back in June 2024. The email appeared to be a message without text, containing only an attached document.
However, the email client didn’t show the attachment. The body of the email contained distinctive tags with the statement eval(atob(…)), which decode and execute JavaScript code:
Read more…
Source: Positive Technologies
Related:
- Coinminer, DDoS Bot Attack Docker Daemon Ports
May 6, 2020
Researchers found an open directory containing malicious files, which was first reported in a series of Twitter posts by MalwareHunterTeam. Analyzing some of the files, we found a malicious cryptocurrency miner and Distributed Denial of Service (DDoS) bot that targets open Docker daemon ports. The attack starts with the shell script named mxutzh.sh, which scans for open ports (2375, ...
- DDoS attacks in Q1 2020
May 6, 2020
Since the beginning of 2020, due to the COVID-2019 pandemic, life has shifted almost entirely to the Web — people worldwide are now working, studying, shopping, and having fun online like never before. This is reflected in the goals of recent DDoS attacks, with the most targeted resources in Q1 being websites of medical organizations, ...
- Excel Files with Hidden Sheets Target Users in Italy
May 5, 2020
A spam campaign using emails that have Excel file (.xls) attachments (detected by Trend Micro as Trojan.XF.HIDDBOOK.THDBHBO) has been seen circulating and targeting users in Italy and some users in Germany and other countries. The attachment appears blank when opened, but it has a sheet set to “hidden” that attempts to connect to a URL and download a ...
- COVID-19: Cloud Threat Landscape
May 4, 2020
Unit 42 researchers analyzed 1.2 million newly observed hostnames (NOH) containing keywords related to the COVID-19 pandemic from March 9, 2020 to April 26, 2020 (7 weeks). 86,600+ fully qualified domain names are classified as “high-risk” or “malicious” (C2, malware, or phishing), spread across various regions , as shown in Figure 1. The United States ...
- Oracle: Unpatched Versions of WebLogic App Server Under Active Attack
May 4, 2020
Oracle is urging customers to fast-track a patch for a critical flaw in its WebLogic Server under active attack. The company said it has received numerous reports that attackers were targeting the vulnerability patched last month. Oracle WebLogic Server is a popular application server used in building and deploying enterprise Java EE applications. The server has a remote ...
- Airplane Hack Exposes Weaknesses of Alert and Avoidance Systems
May 4, 2020
The aircraft safety system known as the Traffic Alert and Collision Avoidance System (TCAS) can be coerced into sending an airplane on a mid-air rollercoaster ride – much to the horror of those onboard. Researchers were able to cobble together an effective method for spoofing the TCAS using a $10 USB-based Digital Video Broadcasting dongle and ...