Unknown hackers recently made an attempt to infiltrate Israeli organizations with wiper malware through deceptive phishing emails posing as the renowned cybersecurity firm ESET. The nefarious email, supposedly originating from ESET, falsely claimed that the recipient’s device had been targeted by a state-backed threat actor. It enticed recipients to click on a link for a ZIP download allegedly hosted on ESET servers, promising assistance in recovering from the purported attack.
Cybersecurity researcher Kevin Beaumont uncovered this malicious ESET-branded campaign and highlighted it on his blog. He cautioned that the email could potentially contaminate victims’ devices with fraudulent ransomware. Beaumont also discovered that the hackers had managed to place malicious files on ESET servers, implying a breach in the company’s security measures. A screenshot provided by Beaumont revealed that Google identified the email as hazardous.
In response to the security incident, the Slovakia-based ESET acknowledged that its partner company in Israel had been affected by a recent security breach. They swiftly intervened, blocking a limited malicious email campaign within a mere ten minutes, thereby safeguarding their customers. ESET refuted Beaumont’s assertion that the assault compromised its Israeli branch’s infrastructure, clarifying that ESET itself had not been compromised. The company assured that it was actively cooperating with its partner to conduct further investigations while closely monitoring the situation.
When approached for additional comments beyond their initial statement, ESET directed inquiries to their Israel distributor, Comsecure, which had been impacted by the incident. Beaumont disclosed that the deceptive ESET campaign specifically targeted cybersecurity personnel within various organizations across Israel. The malicious emails were distributed on October 8, coinciding with the anniversary of previous armed incursions by Hamas and other Palestinian militant groups into Israel.
The identity of the threat actor responsible for the campaign remains uncertain, although the modus operandi resembles that of the pro-Palestine group Handala, known for its anti-Israel activities. Earlier in July, Handala claimed responsibility for a phishing scheme posing as the cybersecurity firm CrowdStrike, attempting to install a wiper on Israeli victims’ networks. They also purportedly launched attacks on Israeli Iron Dome radars. A recent report from the cybersecurity company Trellix detailed Handala’s sophisticated attacks and hinted at potential ties to Iran.
In conclusion, the attempted infiltration of Israeli organizations by unknown hackers through fraudulent ESET-branded phishing emails underscores the persistent cybersecurity threats faced by entities worldwide. The incident serves as a stark reminder for organizations to remain vigilant and employ robust security measures to defend against malicious cyber activities.
Albanian 
English 
Serbian 
Croatian 