In September 2024, threat intelligence experts from the Positive Technologies Security Expert Center (PT ESC) discovered an email sent to a governmental organization belonging to a CIS country. Timestamps indicate that the email was sent back in June 2024. The email appeared to be a message without text, containing only an attached document.
However, the email client didn’t show the attachment. The body of the email contained distinctive tags with the statement eval(atob(…)), which decode and execute JavaScript code:
Read more…
Source: Positive Technologies
Related:
- New ‘warshipping’ technique gives hackers access to enterprise offices
August 7, 2019
Researchers have described a new technique which could be used by cyberattackers to infiltrate corporate setups — with a little help from your friendly neighborhood delivery workers. On Wednesday, Charles Henderson, Global Managing Partner of IBM X- Force Red documented the theoretical method known as warshipping. The technique builds upon wardialing — in which numbers are called en masse ...
- Microsoft Says Russia’s Strontium Behind IoT Hacks
August 7, 2019
Russian hackers have been identified by security experts at Microsoft as being behind a series of attacks on IoT devices. Microsoft’s Threat Intelligence Center said in a blog posting that the Russian state-linked hackers were Strontium. The Strontium hackers are also known as the Fancy Bear group, or alternatively ‘APT28′ and are closely linked to the Russian military intelligence ...
- New Windows hack warning: Patch Intel systems now to block SWAPGSAttack exploits
August 6, 2019
A newly uncovered vulnerability affecting every Windows computer using an Intel processor built since 2012 could allow attackers to bypass safeguards and access information held in a system’s protected kernel memory. This new side-channel attack is built on previous research into other CPU vulnerabilities – such as Spectre and Meltdown – but this new vulnerability can bypass the ...
- LokiBot Gains New Persistence Mechanism, Uses Steganography to Hide Its Tracks
August 6, 2019
First advertised as an information stealer and keylogger when it first appeared in underground forums, LokiBot has added various capabilities over the years. Recent activity has seen the malware family abusing Windows Installer for its installation and introducing a new delivery method that involves spam mails containing malicious ISO file attachments. Our analysis of a new LokiBot variant shows that ...
- Millions of Android Smartphones Vulnerable to Trio of Qualcomm Bugs
August 6, 2019
Security researchers from Tencent’s Blade Team are warning Android smartphone and tablet users of flaws in Qualcomm chipsets, called QualPwn. The bugs collectively allow hackers to compromise Android devices remotely simply by sending malicious packets over-the-air – no user interaction required. Three bugs make up QualPwn (CVE-2019-10539, CVE-2019-10540 and CVE-2019-10538). The prerequisite for the attack is ...
- Cyberattacks against industrial targets have doubled over the last 6 months
August 5, 2019
Cyberattacks designed to cause damage have doubled in the past six months and 50 percent of organizations affected are in the manufacturing sector, researchers say. On Monday, IBM’s X-Force IRIS incident response team published new research based on recent cyberattacks they have been called in to assist with, and the main trend the group is witnessing is the ...