A hacker managed to compromise an Israeli business partner of the antivirus software vendor ESET and send phishing emails to clients impersonating the ESET name, said ESET.
The intrusion was discovered after a user reported that on October 8th, they received a suspicious email from “[email protected]” alerting them to “government-backed attackers” attempting to penetrate their computer.
“Your device has been identified among a list of devices currently being targeted by a state-backed threat actor,” the seemingly legitimate email said. To protect the user, the message contained a link to download an “ESET Unleashed program” designed to counter elite hackers.
However, it turns out that the email message really included a link that was hosted via the “backend.store.eset.co.il” domain and was designed to fool people into downloading malware. After analyzing the malware, security researcher Kevin Beaumont discovered that it has the ability to erase all data on a Windows computer.
“Okay… I think ESET Israel got compromised a few weeks ago, and they haven’t told people,” Beaumont added in a post on Mastodon.
ESET responded by confirming the hack on social media on Friday. But the antivirus software company is likewise separating itself from the hack. Rather, Slovakian-based ESET has been emphasizing that its Israeli operations are actually conducted through a third-party business named Comsecure.
“You’ll have to reach out to Comsecure, ESET’s Israel distributor who was impacted, for additional details (about the hack),” an ESET spokesperson told the media.
Comsecure wasn’t available over email or phone on Friday, making it unclear how many users may have been targeted. In the meantime, ESET’s post on social media says: “Based on our initial investigation, a limited malicious email campaign was blocked within ten minutes. ESET technology is blocking the threat, and our customers are secure. ESET was not compromised and is working closely with its partner to further investigate, and we continue to monitor the situation.”
Beaumont, in the meantime, stated that he believes the phishing email might have originated from Handala, a pro-Palestinian hacktivist group that uses the wiper virus.
Also read: Viksit Workforce for a Viksit Bharat
Do Follow: CIO News LinkedIn Account | CIO News Facebook | CIO News Youtube | CIO News Twitter
About us:
CIO News is the premier platform dedicated to delivering the latest news, updates, and insights from the CIO industry. As a trusted source in the technology and IT sector, we provide a comprehensive resource for executives and professionals seeking to stay informed and ahead of the curve. With a focus on cutting-edge developments and trends, CIO News serves as your go-to destination for staying abreast of the rapidly evolving landscape of technology and IT. Founded in June 2020, CIO News has rapidly evolved with ambitious growth plans to expand globally, targeting markets in the Middle East & Africa, ASEAN, USA, and the UK.
CIO News is a proprietary of Mercadeo Multiventures Pvt Ltd.
