ESET phishing attack targets Israeli orgs with wiper malware

October 20, 2024

A sophisticated phishing attack targeting cybersecurity professionals across Israel has been uncovered, involving a fake email campaign that leverages the trusted branding of ESET, a well-known cybersecurity firm.

The threat actor behind the attack has not been disclosed, but researchers have speculated on a possible connection to the Handala Hack Team, a group known for wiping data and issuing political threats.

The phishing attack was discovered after a recipient reported it on the ESET forum, with ESET confirming it as a security incident.

The attack came to light after one of the targeted recipients reported the incident on the ESET forum. ESET later confirmed the phishing attempt, describing it as a “security incident.” The email used in the attack was styled to appear as if it came from ESET’s Advanced Threat Defense Team, a legitimate division within the company. The email urged recipients to download what was claimed to be security software branded as “ESET Unleashed.”

The link in the email pointed to a URL that appeared to belong to ESET Israel, backend.store.eset.co.il, a domain the company does in fact own. The download, however, was a malicious ZIP archive containing several legitimate ESET DLL files alongside a setup.exe file. When setup.exe was run, it deployed the malicious payload, using several techniques to evade detection.

The malicious setup.exe behaves as a wiper: it is designed to erase data from infected systems irreversibly. Once activated, it destroys critical files and leaves no option for recovery. The campaign specifically targeted cybersecurity professionals within organisations, which is an additional concern given the sensitive roles those individuals hold.

The Handala Hack Team, a politically motivated group with a history of erasing organisational data, is suspected of being behind the attack, although the threat actor's precise identity is still unknown. The group has previously threatened Israeli organisations, which is consistent with this incident.

One concerning aspect of the incident is the possibility that the attacker accessed authentic ESET infrastructure, notably the email servers and branded store of ESET Israel or its managing firm, ComSecure Ltd. Nonetheless, the security company has stated clearly that it has not been breached and that the phishing attempt is a general security event rather than a systemic compromise.

The phishing campaign has sparked concerns within the Israeli cybersecurity community, as it shows how trusted brands like ESET can be exploited to distribute malware. Authorities and cybersecurity researchers are continuing to investigate the origins of the attack and the potential involvement of politically motivated groups.

Organisations across Israel are being advised to remain vigilant and exercise caution when receiving unexpected emails, particularly those appearing to come from cybersecurity firms.
