ESET Antivirus Breach: Israeli Partner Compromised in Major Cybersecurity Incident




Hackers Breach ESET’s Israel Partner, Sending Phishing Emails with Data Wipers

In a recent cybersecurity breach, hackers infiltrated the email server of Comsecure, ESET’s exclusive distributor in Israel, to launch a phishing campaign aimed at Israeli businesses. The attackers delivered data wipers, malicious software designed to erase files and corrupt systems, disguised as legitimate antivirus software, posing a destructive threat.




The Phishing Campaign

The attack began on October 8th, when phishing emails branded with ESET’s logo were sent from the legitimate eset.co.il domain. This raised alarms, as it indicated the Israel division's email server was compromised. While the eset.co.il domain appeared official, ESET confirmed that it is actually managed by Comsecure, their local partner.

The emails falsely claimed to be from "ESET’s Advanced Threat Defense Team," warning recipients that their devices were targeted by government-backed attackers. To protect against this so-called threat, the email offered "ESET Unleashed," an advanced antivirus tool purportedly designed to counter targeted attacks.



Email Authenticity and Malicious Payload

Because they were sent through Comsecure's own mail infrastructure, the phishing emails passed SPF, DKIM, and DMARC authentication tests, adding credibility to the messages. The download link provided in the emails also pointed to the legitimate eset.co.il domain, further deceiving recipients.

Once downloaded, the ZIP archive contained four DLL files signed with ESET's legitimate code-signing certificate. However, the malicious payload lay in a Setup.exe file, which acted as a data wiper designed to erase files from the system. While BleepingComputer’s attempt to test the wiper on a virtual machine failed, cybersecurity expert Kevin Beaumont successfully detonated the malware on a physical machine. He noted that the wiper attempted to evade detection and connected to a legitimate Israeli news site, www.oref.org.il.
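The defensive lesson of this section is that a full SPF/DKIM/DMARC pass only proves the mail left the sending domain's infrastructure, which a compromised partner server does as well. The following added example (not code from the article, ESET or Comsecure) triages a constructed message and archive listing modelled on the description above; the header values, file names and URL are placeholders, not indicators from the incident.

```python
import re
from email import message_from_string
from email.message import Message

# Constructed sample message (not the real campaign mail): sender, link and
# Authentication-Results all sit on the partner domain, as the article describes.
SAMPLE_RAW = """\
From: ESET Advanced Threat Defense Team <defense@eset.co.il>
To: admin@victim.example
Subject: Your device is targeted by government-backed attackers
Authentication-Results: mx.victim.example;
 spf=pass smtp.mailfrom=eset.co.il;
 dkim=pass header.d=eset.co.il;
 dmarc=pass header.from=eset.co.il
Content-Type: text/plain

Install ESET Unleashed now: https://eset.co.il/unleashed/PLACEHOLDER.zip
"""

# Constructed archive listing modelled on the article (four DLLs plus Setup.exe).
SAMPLE_ARCHIVE = ["eset_core.dll", "eset_net.dll", "eset_ui.dll", "eset_upd.dll", "Setup.exe"]

AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)")
EXEC_EXT = (".exe", ".scr", ".msi", ".dll")


def parse_auth_results(msg: Message) -> dict:
    """Map each mechanism in Authentication-Results to its result, e.g. {'spf': 'pass'}."""
    return dict(AUTH_RE.findall(msg.get("Authentication-Results", "").lower()))


def triage(raw: str, archive_listing: list) -> dict:
    """Decide whether to hold a message for analysis.

    The hold decision depends only on the delivered payload: an authenticated
    sender is recorded for context but never clears an executable attachment,
    because a compromised vendor mail server authenticates just as well.
    """
    msg = message_from_string(raw)
    auth = parse_auth_results(msg)
    all_pass = all(auth.get(m) == "pass" for m in ("spf", "dkim", "dmarc"))
    executables = [n for n in archive_listing if n.lower().endswith(EXEC_EXT)]
    reasons = []
    if executables:
        reasons.append("archive delivers executables: " + ", ".join(executables))
    if all_pass and executables:
        reasons.append("sender authenticated, but that does not vouch for the payload")
    return {"auth": auth, "hold": bool(executables), "reasons": reasons}
```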

Impact and Uncertainty

Although the exact number of targeted companies remains unknown, this breach showcases the severity of phishing attacks that exploit trusted brands like ESET. As of now, it’s unclear how Comsecure’s systems were compromised or which specific threat actors are behind the attack. Despite the lack of clear attribution, the use of data wipers is reminiscent of previous attacks against Israel by Iranian-affiliated groups.

Historical Context of Data Wiper Attacks

Data wipers have been a favored weapon in cyberattacks against Israel. In 2017, the pro-Palestinian IsraBye wiper targeted Israeli organizations, and in 2023, a wave of BiBi wiper attacks disrupted sectors such as education and technology. These campaigns often aim to create chaos rather than generate profit, aligning with state-sponsored objectives to destabilize Israel’s economy.


Source: yahoo.com
