Hackers have breached ESET’s exclusive partner in Israel, Comsecure, to launch a targeted phishing campaign aimed at Israeli businesses. Starting on October 8, attackers sent emails branded with ESET’s logo from the legitimate domain eset.co.il, indicating a serious compromise of the email server associated with ESET’s Israeli division. The phishing emails, deceptively purporting to be from “ESET’s Advanced Threat Defense Team,” warned recipients that their devices were under threat from state-backed attackers and offered a seemingly advanced tool called “ESET Unleashed” as a protective measure against these threats.
The phishing emails appeared legitimate, having passed authentication checks including SPF, DKIM, and DMARC, which lent them an air of credibility. Links within the emails directed recipients to download malicious files hosted on the eset.co.il domain. The ZIP archive included four DLL files that were genuine components of ESET’s antivirus software, but it also contained a malicious Setup.exe file designed to function as a data wiper. This malware is engineered to delete all files on the targeted device, complicating recovery efforts by corrupting the partition table.
Cybersecurity expert Kevin Beaumont noted that the Setup.exe utilized advanced evasion techniques, making it challenging for security systems to detect its malicious intent. Although the exact number of targeted organizations remains unknown, this incident highlights the ongoing risks posed by phishing campaigns and data wipers, particularly against Israeli entities. The attack has not yet been attributed to a specific threat actor, but the use of data wipers has been a hallmark of politically motivated attacks against Israel in the past.
This breach serves as a stark reminder of the vulnerabilities that can be exploited within cybersecurity ecosystems. ESET and its partners must enhance security protocols and raise awareness among users to defend against phishing attempts that can lead to the infiltration of destructive malware. Businesses are urged to remain vigilant and scrutinize unsolicited communications, even from seemingly reputable sources, to safeguard their devices and sensitive information from evolving cyber threats.
Reference:
