{"id":5815,"date":"2024-10-18T11:59:18","date_gmt":"2024-10-18T16:59:18","guid":{"rendered":"https:\/\/www.darkreading.com\/cyberattacks-data-breaches\/eset-wiper-attack-targets-israel"},"modified":"2024-10-18T11:59:18","modified_gmt":"2024-10-18T16:59:18","slug":"eset-branded-wiper-attack-targets-israel-firm-denies-compromise","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/10\/18\/eset-branded-wiper-attack-targets-israel-firm-denies-compromise\/","title":{"rendered":"ESET-Branded Wiper Attack Targets Israel; Firm Denies Compromise"},"content":{"rendered":"
<\/a><\/div>\n

Security firm ESET is refuting reports that cyberattackers compromised its platforms and used them to target customers in Israel with dangerous wiper malware.<\/span><\/p>\n

\u201cWe are aware of a security incident which affected our partner company in Israel last week,\u201d it <\/span>acknowledged<\/a><\/span> on X, formerly known as Twitter. \u201cBased on our initial investigation, a limited malicious email campaign was blocked within ten minutes. ESET technology is blocking the threat and our customers are secure. ESET was not compromised and is working closely with its partner to further investigate and we continue to monitor the situation.\u201d<\/span><\/p>\n

Security researcher Kevin Beaumont (aka Gossi the Dog) prompted the response after blogging about a malicious email that an ESET user <\/span>posted<\/a><\/span> on the ESET user forum. The email was flagged as malicious, with the subject line, “Government-Backed Attackers May Be Trying to Compromise Your Device!” It purported to be from the ESET team, offering extra security defense in the face of an ongoing attack:<\/span><\/p>\n

\"ESET_Email.png\"<\/p>\n

Source: ESET user forum.<\/span><\/span><\/p>\n

The email had a .ZIP attachment that, if opened, unpacked a <\/span>destructive wiper malware<\/a><\/span> that bears resemblance to that used by the <\/span>Handala<\/a><\/span> threat group, according to the person who flagged the email for Beaumont. Handala, so named for the <\/span>political cartoon character<\/a><\/span> that has come to personify the Palestinian people\u2019s national identity, has become known for <\/span>targeting Israeli organizations<\/a><\/span>  with file-destroying wipers in the wake of the Oct. 7 Hamas attacks and resulting war.<\/span><\/p>\n

Related:<\/span>Dark Reading Confidential: Meet the Ransomware Negotiators<\/a><\/p>\n

Beaumont noted, “I managed to obtain the email, which <\/span>passes both DKIM and SPF checks<\/a><\/span> for coming from ESET\u2019s store,” he said in the <\/span>blog<\/a><\/span>. “Additionally, the link is indeed to backend.store.eset.co.il \u2014 owned by ESET Israel.”<\/span><\/p>\n

This led him to <\/span>conclude<\/a><\/span> via Mastodon, “ESET Israel definitely got compromised, this thing is fake ransomware that talks to an Israeli news org server for whatever reason.”<\/span><\/p>\n

ESET has now categorically refuted that takeaway, so the assumption is that the cyberattackers were using some sort of MO to <\/span>get around anti-spoofing measures<\/a><\/span> for the email and the .ZIP link. ESET did not immediately return a request for comment from Dark Reading.<\/span><\/p>\n

The campaign is now blocked for ESET customers.<\/span><\/p>\n

Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Security firm ESET is refuting reports that cyberattackers compromised its<\/p>\n","protected":false},"author":12,"featured_media":5816,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[809],"class_list":["post-5815","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-dark-reading"],"featured_image_urls":{"full":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/eset-branded-wiper-attack-targets-israel-firm-denies-compromise-scaled.jpg?fit=2560%2C1440&ssl=1",2560,1440,false],"thumbnail":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/eset-branded-wiper-attack-targets-israel-firm-denies-compromise-scaled.jpg?resize=150%2C150&ssl=1",150,150,true],"medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/eset-branded-wiper-attack-targets-israel-firm-denies-compromise-scaled.jpg?fit=300%2C169&ssl=1",300,169,true],"medium_large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/eset-branded-wiper-attack-targets-israel-firm-denies-compromise-scaled.jpg?fit=640%2C360&ssl=1",640,360,true],"large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/eset-branded-wiper-attack-targets-israel-firm-denies-compromise-scaled.jpg?fit=640%2C360&ssl=1",640,360,true],"1536x1536":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/eset-branded-wiper-attack-targets-israel-firm-denies-compromise-scaled.jpg?fit=1536%2C864&ssl=1",1536,864,true],"2048x2048":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/eset-branded-wiper-attack-targets-israel-firm-denies-compromise-scaled.jpg?fit=2048%2C1152&ssl=1",2048,1152,true],"chromenews-featured":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/eset-branded-wiper-attack-targets-israel-firm-denies-compromise-scaled.jpg?fit=1024%2C576&ssl=1",1024,576,true],"chromenews-large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/eset-branded-wiper-attack-targets-israel-firm-denies-compromise-scaled.jpg?resize=825%2C575&ssl=1",825,575,true],"chromenews-medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/eset-branded-wiper-attack-targets-israel-firm-denies-compromise-scaled.jpg?resize=590%2C410&ssl=1",590,410,true]},"author_info":{"display_name":"Dark Reading","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/darkreading\/"},"category_info":"Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","jetpack_featured_media_url":"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/eset-branded-wiper-attack-targets-israel-firm-denies-compromise-scaled.jpg?fit=2560%2C1440&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/5815","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=5815"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/5815\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media\/5816"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=5815"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=5815"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=5815"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}