Phishing Emails Impersonating Eset Target Cybersecurity Professionals With Malware
Cybercriminals posing as a top security firm in Israel have launched wiper attacks on local cybersecurity professionals after bypassing significant security measures, according to recent reports. Cybersecurity firm Eset said threat actors did not compromise its systems.
Security researcher Kevin Beaumont warned Thursday of phishing attempts impersonating the Eset Advanced Threat Defense Team in Israel, which Google Workspace flagged as malicious even though the email passed authentication protocols meant to prevent spoofing. The fake Oct. 8 email claimed nation-state attackers were attempting to compromise the user’s device after Eset’s threat intelligence division “identified a geopolitically motivated threat group” targeting technology equipment in the area.
Eset did not immediately return requests for comment from Information Security Media Group, but posted a statement Friday to social media platform X that the company is aware “of a security incident which affected our partner company in Israel last week.” The statement said an initial investigation determined that “a limited malicious email campaign was blocked within 10 minutes.”
“Eset technology is blocking the threat and our customers are secure,” the statement continued, adding that “Eset was not compromised” and the company “is working closely with its partner to investigate, and we continue to monitor the situation.”
The malicious email invited users to click on download links to access Eset’s non-existent “Unleashed” program, a term the company has used in the past. Beaumont said the link went to a domain allegedly owned by Eset Israel, writing in his blog: “It is unclear why the download is offline and Eset hadn’t told people about what happened.”
The malicious download “uses a host of obvious techniques to try to evade detection,” Beaumont added, noting that he was only able to get the malware to operate properly on a physical PC.
“It appears there is no way to actually recover,” Beaumont wrote. “It’s a wiper.”
Israeli security and IT professionals have been targeted in recent high-profile hacking campaigns, including Iranian state-sponsored attacks targeting logistics, transportation and technology firms (see: Iranian Hackers Target Israeli Logistics and IT Companies).