ESET Distributor’s Systems Abused to Deliver Wiper Malware 


ESET has launched an investigation after the systems of its official product distributor in Israel were abused to send out emails delivering wiper malware.

The targeted users received an email — signed by ESET’s Advanced Threat Defense (ATD) team — informing them about government-backed attackers trying to compromise their devices.

Researcher Kevin Beaumont has analyzed the attack and determined that the email passed DKIM and SPF checks, and it included a link to the ESET Israel store. In addition, ESET ATD is a real unit of the cybersecurity firm.   

However, the link pointed to a ZIP file containing some ESET DLLs and an executable named ‘setup.exe’ designed to deploy a wiper malware on the victim’s system.

While reports of the malicious emails impersonating ESET have been circulating since at least October 9, ESET apparently only issued a response late last week.

“We are aware of a security incident which affected our partner company in Israel last week,” ESET said. “Based on our initial investigation, a limited malicious email campaign was blocked within ten minutes. ESET technology is blocking the threat and our customers are secure. ESET was not compromised and is working closely with its partner to further investigate and we continue to monitor the situation.”

A company called Comsecure appears to be the exclusive ESET product distributor in Israel, and the targets appear to have been Israeli users. At least one organization in Israel was reportedly hit by the wiper.

Beaumont has found some ties between this attack and two Iran-linked threat groups known for anti-Israel attacks: one named Handala, which according to the researcher has been defacing websites and allegedly exfiltrating data; and CyberToufan, which has been wiping systems.


SecurityWeek has reached out to ESET for further clarifications and will update this article if the company shares any additional information.

Related: Zscaler Confirms Only Isolated Test Server Was Hacked

Related: CrowdStrike Releases Root Cause Analysis of Falcon Sensor BSOD Crash

Related: ESET Patches Privilege Escalation Vulnerabilities in Windows, macOS Products
