In September 2024, threat intelligence experts from the Positive Technologies Security Expert Center (PT ESC) discovered an email sent to a governmental organization belonging to a CIS country. Timestamps indicate that the email was sent back in June 2024. The email appeared to be a message without text, containing only an attached document.
However, the email client didn’t show the attachment. The body of the email contained distinctive tags with the statement eval(atob(…)), which decode and execute JavaScript code:
Read more…
Source: Positive Technologies
Related:
- Cobalt Ulster Strikes Again With New ForeLord Malware
March 3, 2020
A new credential-stealing malware, dubbed ForeLord, has been uncovered in a recent spear phishing campaign. Researchers tie the attack to a known advanced persistence threat (APT) group known as Cobalt Ulster. The emails distributing ForeLord were uncovered as part of a campaign, running between mid-2019 and mid-January 2020. The emails were targeting organizations in Turkey, Jordan, Iraq, as ...
- GuLoader: Malspam Campaign Installing NetWire RAT
March 3, 2020
NetWire is a publicly-available RAT that has been used by criminal organizations and other malicious groups since 2012. NetWire is distributed through various campaigns, and we usually see it sent through malicious spam (malspam). GuLoader is a file downloader that was first discovered in December 2019, and it has been used to distribute a wide variety of remote ...
- Molerats Delivers Spark Backdoor to Government and Telecommunications Organizations
March 3, 2020
Between October 2019 through the beginning of December 2019, Unit 42 observed multiple instances of phishing attacks likely related to a threat group known as Molerats (AKA Gaza Hackers Team and Gaza Cybergang) targeting eight organizations in six different countries in the government, telecommunications, insurance and retail industries, of which the latter two were quite ...
- TrickBot Adds ActiveX Control, Hides Dropper in Images
March 2, 2020
The TrickBot banking trojan has gotten trickier, with the addition of a Windows 10 ActiveX control to execute malicious macros in boobytrapped documents. Michael Gorelik, researcher at Morphisec Labs, said that at least two dozen documents have come to light in the last few weeks that use ActiveX—a feature in Remote Desktop Protocol (RDP) – to ...
- What to know about cyberattacks targeting energy pipelines
March 1, 2020
The Department of Homeland Security (DHS) this past month disclosed a disruptive cyberattack on a U.S. energy facility, raising new concerns about protections for energy providers. The Cybersecurity and Infrastructure Security Agency (CISA), a division of DHS, said a ransomware attack hit a “natural gas compression facility,” leading to a two-day shutdown for the entire pipeline. While the agency ...
- RSAC 2020: Ransomware a ‘National Crisis,’ CISA Says, Ramps ICS Focus
February 28, 2020
Industrial control systems (ICS) and critical infrastructure will be a main focus for the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) this year – especially as ransomware looms as a main threat to the sector going forward. That’s according to Christopher Krebs, director of CISA, speaking at RSA Conference 2020 this week. “My agency ...