» 2024 » December Blog

Summary Researchers from SecureList from Kaspersky revealed new details regarding the Horns&Hooves cyber campaign, active since March 2023, which targeted over a thousand users and businesses in Russia (including retailers), using malicious JScript (JS) scripts disguised as legitimate email attachments. These scripts deploy the legitimate remote administration tool, NetSupport, for malicious purposes, granting attackers remote access…

On 3 December 2024, the RH-ISAC intel team was informed about a possible digital skimmer that may be present on an unnamed e-commerce website. JJ Josing, Principal Threat Researcher at the RH-ISAC, started his initial investigation into this incident. Our investigation discovered a script block containing heavily obfuscated JavaScript in the HTML of the checkout…