HomeSecurity ArchitectureESET denies compromise of Israel branch amidst targeted attacks - The Register

ESET denies compromise of Israel branch amidst targeted attacks – The Register

Published on

spot_img

ESET, a prominent cybersecurity company, has firmly denied any involvement in a recent wiper campaign targeting victims in Israel. The campaign, which appeared to be orchestrated using ESET’s infrastructure, was brought to light by infosec researcher Kevin Beaumont. Beaumont outlined a scenario where an Israeli business fell victim to a wiper attack after an employee clicked on a link in an email that appeared to be from ESET’s Advanced Threat Defense Team in Israel. Despite the email passing DKIM and SPF checks against ESET’s domain, Google Workspace flagged it as malicious.

The initial email, which was distributed on October 8, specifically targeted cybersecurity professionals in Israel and contained a .ZIP file hosted on ESET servers. Recipients were informed that their devices were being targeted by a “state-backed threat actor” and were invited to join ESET’s Unleashed program, a program that Beaumont noted may not exist as a standalone initiative but is sometimes referenced by the vendor. The malicious download included various ESET DLLs and a fake ransomware setup.exe, which made calls to known ransomware payloads.

Interestingly, the wiper attack coincided with the Iron Swords War memorial day, which commemorates lives lost when Hamas troops attacked Israel on October 7, 2023. This timing, along with the targets being cybersecurity professionals in Israel, has raised suspicions of possible hacktivist motives behind the campaign.

Beaumont emphasized the severity of the attack, stating that there seems to be no way to recover from it as it is a wiper, designed to irreversibly wipe data. However, ESET quickly responded to the situation, refuting claims that their Israel branch had been compromised. The company asserted that they had promptly blocked a limited malicious email campaign within ten minutes and that their technology was effectively protecting customers from the threat.

The source of the malicious activity remains unknown, but the tactics used in the attack align closely with previous actions attributed to the pro-Palestine Handala group. Trellix researchers previously highlighted Handala’s history of wiper attacks in Israel, with the group targeting numerous Israeli organizations in recent months. The Israeli government issued an urgent warning in response to the incidents, which have now escalated to the leaking of private files and emails from prominent Israeli figures.

Recent victims of Handala’s activities include Doscast, Soreq Nuclear Research Center, Max Shop, and Silver Shadow. These ongoing cyberattacks underscore the importance of robust cybersecurity measures to defend against evolving threats in the digital landscape. ESET continues to monitor the situation closely and collaborate with their partners to investigate further.

Source link

Latest articles

ClickFix and Removable Media: Key Malware Delivery Methods

Cybersecurity Trends: The Rise of ClickFix and USB-Based Attacks In the ever-evolving landscape of cybersecurity,...

Ransomware Negotiator Sentenced to 70 Months in Prison for Supporting BlackCat Attacks

Former Ransomware Negotiator Sentenced for Betrayal and Extortion In a significant legal development, a 41-year-old...

New Ransomware Uses Malicious Driver to Bypass Security Protections

Emerging Threat: GodDamn Ransomware Leverages Microsoft-Signed Drivers for Enhanced Evasion Tactics The landscape of ransomware...

Addressing Synthetic Media Challenges to Preserve Trust

The Rising Threat of Synthetic Media: Insights from VerifyLabs.AI Synthetic media, particularly in the form...

More like this

ClickFix and Removable Media: Key Malware Delivery Methods

Cybersecurity Trends: The Rise of ClickFix and USB-Based Attacks In the ever-evolving landscape of cybersecurity,...

Ransomware Negotiator Sentenced to 70 Months in Prison for Supporting BlackCat Attacks

Former Ransomware Negotiator Sentenced for Betrayal and Extortion In a significant legal development, a 41-year-old...

New Ransomware Uses Malicious Driver to Bypass Security Protections

Emerging Threat: GodDamn Ransomware Leverages Microsoft-Signed Drivers for Enhanced Evasion Tactics The landscape of ransomware...