A new wiper campaign has affected information security specialists in Israel.
ESET denied accusations of compromising its systems after information security specialist Kevin Beaumont spoke about a wiper campaign that looked like an operation carried out using ESET's infrastructure.
According to Beaumont's blog, an employee of an Israeli company fell victim to the malware after opening a link in an email purportedly sent by the ESET Advanced Threat Defense team in Israel. The email successfully passed the DKIM and SPF checks for the ESET domain, but Google Workspace marked it as dangerous.
The attack was recorded on October 8 and targeted information security specialists in Israel. The malicious file was distributed through ESET's servers, with recipients being warned that the attack was being carried out by a "state-backed" attacker. Victims were also encouraged to participate in ESET's Unleashed program, which does not actually exist as a standalone initiative, although it was mentioned in the company's branding.
The researcher found several ESET DLLs and a malicious setup.exe in the downloaded file. Beaumont described the program as fake ransomware that imitates the well-known Yanluowang malware. Beaumont also noted that the files on the devices are impossible to recover because it is a wiper.
During execution, the malware also contacted an organization associated with Iron Swords War Day, timed to commemorate the victims of the October 7, 2023 attack. The facts suggest the possible involvement of hacktivists.
ESET has rejected Beaumont's account that the company's Israeli office was hacked. The company stressed that the incident affected a partner organization in Israel, and the malicious campaign was blocked within 10 minutes. ESET said that it is successfully blocking the threat and that customers are safe. The company also confirmed that it is working with a partner on an investigation and continues to monitor the situation.
The source of the malicious activity has not yet been identified, but the methods used in the attack are similar to those of the pro-Palestinian group Handala. Researchers from Trellix have previously reported that Handala is actively using wipers to attack Israeli organizations, noting hundreds of incidents in a few weeks in July.