In a recent cyber attack, perpetrators attempted to distribute wiper malware to employees at various organizations in Israel by posing as cybersecurity firm ESET through email. The attack came in the form of a phishing email supposedly sent by the “Eset Advanced Threat Defense Team”, cautioning the recipients that state-sponsored hackers were attempting to compromise their devices.
The phishing email was brought to light on October 8 when a recipient posted it on the ESET Security Forum, seeking clarification on whether it was a phishing scam. Security researcher Kevin Beaumont analyzed the email and confirmed that it passed both DKIM and SPF checks as coming from ESET’s store. Furthermore, the link provided in the email directed to backend.store.eset.co.il, which is owned by ESET Israel. After examining the ZIP file that the targets were instructed to download, Beaumont discovered that it was actually a wiper disguised as ransomware, which he named ESET Israel Wiper. This particular malware requires physical access to a PC and time to execute its malicious activities.
Over the past few weeks, Israeli companies have been repeatedly targeted with wiper malware amidst the ongoing Gaza-Israel conflict. Beaumont’s investigation into the incident prompted ESET Research to acknowledge a “security incident” that occurred at a partner company in Israel a week prior. The research arm of ESET stated that a limited malicious email campaign was swiftly blocked within ten minutes, assuring that their technology effectively defended against the threat and their customers’ security remained intact. ESET clarified that they were not compromised and are collaborating closely with their partner company to conduct a thorough investigation and monitor the situation.
The attackers are believed to have gained access to accounts, which allowed them to carry out the scheme. ESET’s Israel branch, operated by ComSecure Ltd under the ESET brand, was seemingly the target of the hack: the emails and downloads bore ESET’s name and were sent from the partner’s infrastructure. As Beaumont pointed out, account compromise is the most probable explanation for how the attackers pulled this off.
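The detail that the email passed DKIM and SPF and linked to a domain the partner really owns is the security-relevant point of this incident: email authentication attests to the sending infrastructure, not to the intent of whoever controls it. The following is an added example (not code from the article, from ESET or from Beaumont) of how a mail-triage script can record that distinction. It parses an `Authentication-Results` header and scores a message on content signals (an archive download, an urgency lure) independently of the authentication verdict. The header values, the sender domain `store.eset.co.il`, the message text and the file path in the link are all constructed for the example; only the hostname `backend.store.eset.co.il` comes from the report.

```python
from urllib.parse import urlparse

# Constructed sample header modelled on the situation described in the report:
# SPF, DKIM and DMARC all pass for the partner's own domain. Not the real email.
SAMPLE_AUTH_RESULTS = (
    "mx.example.net; "
    "dkim=pass header.d=store.eset.co.il header.s=sel1; "
    "spf=pass smtp.mailfrom=store.eset.co.il; "
    "dmarc=pass header.from=store.eset.co.il"
)
# Assumed sender domain (the report only says "ESET's store").
SAMPLE_FROM_DOMAIN = "store.eset.co.il"
# Constructed body text paraphrasing the lure described in the report.
SAMPLE_BODY = (
    "Our Advanced Threat Defense Team has detected that state-sponsored "
    "hackers are attempting to compromise your device. Download the tool now."
)
# Hostname from the report; the path is a constructed placeholder.
SAMPLE_LINKS = ["https://backend.store.eset.co.il/example-path/cleaner.zip"]

ARCHIVE_SUFFIXES = (".zip", ".rar", ".7z", ".iso", ".img")
URGENCY_TERMS = ("state-sponsored", "compromise", "immediately", "urgent")


def parse_authentication_results(header: str) -> dict:
    """Parse an Authentication-Results header (RFC 8601) into
    {method: {"result": ..., "props": {...}}}.

    Simplified: clauses are split on ';', the first clause is the authserv-id,
    and CFWS comments in parentheses are not handled."""
    clauses = [c.strip() for c in header.split(";")]
    results = {}
    for clause in clauses[1:]:
        if not clause:
            continue
        tokens = clause.split()
        method, _, result = tokens[0].partition("=")
        props = {}
        for tok in tokens[1:]:
            key, _, value = tok.partition("=")
            props[key] = value
        results[method] = {"result": result, "props": props}
    return results


def triage(auth_header: str, from_domain: str, body: str, links: list) -> dict:
    """Score a message on content signals; authentication is recorded but
    never lowers the verdict, because a compromised legitimate account
    produces fully authenticated mail."""
    auth = parse_authentication_results(auth_header)
    authenticated = all(
        auth.get(m, {}).get("result") == "pass" for m in ("spf", "dkim", "dmarc")
    )
    findings = []
    if authenticated:
        findings.append("auth-pass: attests sending infrastructure only")
    for url in links:
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        if parsed.path.lower().endswith(ARCHIVE_SUFFIXES):
            findings.append(f"archive-download: {url}")
        # Alignment check: a link host outside the sender's domain is a lure
        # indicator; alignment, as here, is NOT evidence of safety.
        if not (host == from_domain or host.endswith("." + from_domain)):
            findings.append(f"link-domain-mismatch: {host}")
    if any(term in body.lower() for term in URGENCY_TERMS):
        findings.append("urgency-lure")
    has_archive = any(f.startswith("archive-download") for f in findings)
    content_findings = [f for f in findings if not f.startswith("auth-pass")]
    if has_archive and "urgency-lure" in findings:
        verdict = "escalate"
    elif content_findings:
        verdict = "review"
    else:
        verdict = "low"
    return {"authenticated": authenticated, "findings": findings, "verdict": verdict}


def triage_sample() -> dict:
    """Run the triage over the constructed sample message."""
    return triage(SAMPLE_AUTH_RESULTS, SAMPLE_FROM_DOMAIN, SAMPLE_BODY, SAMPLE_LINKS)


if __name__ == "__main__":
    for line in triage_sample()["findings"]:
        print(line)
    print("verdict:", triage_sample()["verdict"])
```

On the constructed sample every authentication method passes and the link host sits inside the sender's own domain, so neither the alignment check nor the authentication result raises a flag; the archive download combined with the urgency lure is what drives the verdict to `escalate`. That is the design choice worth copying into real mail filters: treat a passing SPF/DKIM/DMARC result as a fact about the sending domain, and keep content-based rules that fire regardless of it.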
The incident is a reminder that phishing and malware distribution remain persistent threats, and that passing email authentication checks does not by itself make a message trustworthy when the sending account or infrastructure has been compromised. Organizations, particularly those in sensitive sectors, must strengthen their defenses against such activity. The case also underscores the role of cybersecurity firms like ESET in detecting and mitigating threats to protect their clients from harm.