Monday, October 21, 2024

Hackers Impersonate ESET to Deliver Wiper Malware


Hackers impersonated the cybersecurity company ESET to distribute destructive wiper malware. The campaign, which started on October 8, 2024, used phishing emails that appeared to originate from ESET's legitimate domain.

The malicious emails, purportedly from "ESET's Advanced Threat Defense Team," warned recipients that state-backed attackers were targeting their devices.

The emails provided a download link for a fictitious "ESET Unleashed" program to combat this alleged threat.

ESET Warned Recipients (source: DoublePulsar)

Upon clicking the link, victims were directed to a ZIP file hosted on ESET Israel's legitimate domain. The archive contained several legitimate ESET DLL files and a malicious Setup.exe, identified as wiper malware.


According to the DoublePulsar report, security researcher Kevin Beaumont, who analyzed the attack, noted that the malware required a physical PC to activate and exhibited evasion techniques.

The wiper was also linked to a legitimate Israeli news organization's website, possibly to avoid detection.

ESET acknowledged the incident, stating it affected their partner company in Israel, Comsecure.

The company emphasized that their systems were not compromised and that the malicious email campaign was blocked within ten minutes.

ESET Acknowledged (Source: DoublePulsar)

The attack targeted cybersecurity personnel within Israeli organizations, suggesting a strategic attempt to disrupt the nation's digital defenses.

While the perpetrators remain unidentified, the tactics employed bear similarities to those used by pro-Palestinian groups like Handala, which has been linked to sophisticated attacks against Israeli targets.

It underscores the importance of verifying the authenticity of security-related communications, even when they appear to come from trusted sources.

