Hackers Impersonate ESET To Attack Organizations With Wiper Malware


Hackers impersonated ESET, a prominent cybersecurity firm, to attack organizations with destructive wiper malware. The attack, which began on October 8, 2024, involved a phishing campaign that exploited ESET’s brand and infrastructure to deceive victims.

The malicious actors sent emails purporting to be from ESET’s Advanced Threat Defense Team, warning recipients that state-backed attackers were targeting their devices.

These emails, which passed DKIM and SPF authentication checks, contained links to download a fake security tool called “ESET Unleashed.”

Security researcher Kevin Beaumont uncovered the attack, and the malicious files appear to have been hosted on ESET Israel’s legitimate domain.

The downloaded ZIP file contained genuine ESET DLLs alongside a malicious setup.exe, which was identified as a wiper masquerading as ransomware.

The wiper malware, dubbed “EIW” (ESET Israel Wiper) by researcher Costin Raiu, was designed to irreversibly erase data from infected systems.

Analysis revealed politically motivated messages embedded in the malware, suggesting a possible connection to pro-Palestinian hacktivists.

ESET has acknowledged a “security incident” affecting its partner company in Israel, Comsecure. The company stated that the malicious email campaign was blocked within ten minutes and emphasized that ESET’s own systems were not compromised.

However, the use of authenticated ESET domains in the attack raises questions about the extent of the breach.

The campaign targeted cybersecurity personnel within Israeli organizations, indicating a strategic attempt to disrupt the country’s digital defenses.

The timing of the attack, coinciding with the anniversary of the October 2023 Hamas incursion, further suggests political motivations.

While the attackers’ identity remains unconfirmed, similarities have been noted with previous campaigns attributed to the pro-Palestine group Handala. This group has been linked to sophisticated attacks against Israeli targets in recent months.

This incident highlights the evolving tactics of cyber threat actors, who increasingly impersonate trusted security vendors to bypass defenses.

As investigations continue, ESET and its partners are working to mitigate the attack’s impact and prevent future incidents.

Organizations, particularly those in Israel, are advised to exercise caution with unsolicited emails and to verify the authenticity of security-related communications through official channels.
