Scams & Phishing News Hacker Hits ESET's Partner In Israel

Gandalf_The_Grey

Gandalf_The_Grey

Level 83
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,255
ESET denies it was compromised as Israeli orgs targeted with 'ESET-branded' wipers
ESET denies being compromised after an infosec researcher highlighted a wiper campaign that appeared to victims as if it was launched using the Slovak security shop's infrastructure.

Kevin Beaumont blogged about an Israeli biz that said it was infected with a wiper after a staffer clicked a link in an email seemingly sent from the ESET Advanced Threat Defense Team in Israel.

The email itself passed DKIM and SPF checks against ESET's domain, said Beaumont, although according to a screenshot of it shared by one security pro, Google Workspace flagged it as malicious.

It appears the email was first sent on October 8, targeting cybersecurity professionals in Israel, with the .ZIP download hosted on ESET servers.

Targets were informed their devices were being aimed at by "a state-backed threat actor" and were invited to ESET's Unleashed program – which doesn't appear to exist as a standalone program, but Beaumont noted the branding is sometimes used by the vendor.

The download contains various ESET DLLs, the researcher said, as well as a malicious setup.exe. Beaumont described it as a fake ransomware, making calls to things like Mutex from Yanluowang's ransomware payload, for example.

It also made innocuous calls to an organization promoting the Iron Swords War memorial day, established to remember those who died when Hamas troops attacked Israel on October 7, 2023. The observation, combined with the day of infection, raises questions about whether this was a hacktivist at work.

"Email targeting seen so far is cybersecurity people within organizations across Israel," said Beaumont. "It appears there is no way to actually recover. It's a wiper."

ESET responded to the situation via X on Friday, denying Beaumont's claim that ESET Israel was itself compromised.

The security org said: "We are aware of a security incident which affected our partner company in Israel last week. Based on our initial investigation, a limited malicious email campaign was blocked within ten minutes. ESET technology is blocking the threat and our customers are secure. ESET was not compromised and is working closely with its partner to further investigate and we continue to monitor the situation."
Click to expand...
www.theregister.com

ESET denies Israel branch compromised amid targeted attacks

Says 'limited' incident isolated to 'partner company'
www.theregister.com www.theregister.com
 
Last edited:
  • Like
Reactions: Fel Grossi

Similar threads

Gandalf_The_Grey
    • Like
Scams & Phishing News FBI: Upcoming U.S. general election fuel multiple fraud schemes
Replies
1
Views
757
Security News
simmerskool
simmerskool
Bot
    • Like
Security News APT28 Hacker Group Targeting Europe, Americas, Asia in Widespread Phishing Scheme
Replies
0
Views
660
Security News
Bot
Bot
Gandalf_The_Grey
    • Like
    • Thanks
Security News Temu denies breach after hacker claims theft of 87 million data records
Replies
0
Views
1,467
Security News
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top