ESET partner breached to send data wipers to Israeli orgs
Hackers breached ESET's exclusive partner in Israel to send phishing emails to Israeli businesses that pushed data wipers disguised as antivirus software for destructive attacks.

A data wiper is malware that intentionally deletes all of the files on a computer and commonly removes or corrupts the partition table to make it harder to recover the data.

In a phishing campaign that started on October 8th, emails branded with ESET's logo were sent from the legitimate eset.co.il domain, indicating that the Israel division's email server was breached as part of the attack.

While the eset.co.il domain is branded with ESET's content and logos, ESET told BleepingComputer it is operated by Comsecure, their Israel distributor.

The emails pretend to be from "ESET's Advanced Threat Defense Team," warning customers that government-backed attackers are trying to target the recipient's device. To help protect the device, ESET offers a more advanced antivirus tool called "ESET Unleashed" to protect against the threat.

"Your device has been identified among a list of devices currently being targeted by a state-backed threat actor. Information attained by ESET's Threat Intelligence Division has identified a geopolitically motivated threat group as having attempted to target your machine within the last 14 days of this email," reads the phishing email obtained by BleepingComputer.

"As part of ESET's Advanced Threat Defense program (ESET-ATD), ESET is providing you access to the ESET Unleashed program, designed to counter advanced targeted threats, for you to install on up to 5 devices of yours."

From the phishing email headers, BleepingComputer has confirmed that the email originated from legitimate mail servers for eset.co.il, passing SPF, DKIM, and DMARC authentication tests.

To further add legitimacy to the attack, the link to the download was hosted on the eset.co.il domain at URLs like https://backend.store.eset.co.il/pub/2eb524d79ce77d5857abe1fe4399a58d/ESETUnleashed081024.zip, which are now disabled.

This ZIP archive (VirusTotal) contains four DLL files digitally signed by ESET's legitimate code signing certificate and a Setup.exe that is not signed.

The four DLLs are legitimate files distributed as part of ESET's antivirus software. However, the Setup.exe (VirusTotal) is the malicious data wiper.

BleepingComputer attempted to test the wiper on a virtual machine, but the executable automatically crashed.

Cybersecurity expert Kevin Beaumont had better success running it on a physical PC, stating that it would reach out to a legitimate Israeli news site at www.oref.org.il.

"Setup.exe is malicious. It uses a host of obvious techniques to try to evade detection," explains Beaumont.

"I could only get it to detonate properly on a physical PC. It calls various obviously malicious things, e.g. it uses a Mutex from the Yanluowang extortion/ransomware group."

At this time, it is unknown how many companies were targeted in this phishing campaign or how Comsecure, ESET's Israeli distributor, was breached.

BleepingComputer emailed various people at Comsecure, including its CEO, but has not received a reply yet.

While the attack has not been attributed to any particular threat actor or hacktivist group, data wipers have long been a popular tool in attacks against Israel.

In 2017, an anti-Israel, pro-Palestinian data wiper called IsraBye was discovered in attacks on Israeli organizations.

In 2023, Israel suffered a wave of BiBi wiper attacks targeting organizations, including in the education and technology sectors.

Many of these attacks were linked to Iranian threat actors, whose goal was not to generate revenue but rather to sow chaos and disrupt Israel's economy.

Comments:

Nice, I like it.

Downloaded the zip and reversed the binary by myself. They even embedded a propaganda video showing dead soldiers... terrible times we are living in.

Comsecure are absolute shit. Not only do they jack up prices way above anything that can be found on the official ESET website under the pretense of "the comfort of receiving support in Hebrew" (what?), even if you don't purchase from them, you still get routed to them when you need support, and guess what: they are extremely slow and don't actually read what you wrote. ESET, please drop them and get a better partner in Israel.
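
Added example (not from the article, BleepingComputer, or ESET): the article describes an archive in which four DLLs carried ESET's code-signing signature while Setup.exe was unsigned. The Python sketch below lists the PE files in a ZIP that have no embedded Authenticode signature. It checks only that a signature is present, not that it is valid, and the sample archive, header stubs and DLL names are constructed placeholders.

```python
import io
import struct
import zipfile

def has_embedded_signature(pe: bytes) -> bool:
    """True if the PE Certificate Table entry is non-empty (presence only, not validity)."""
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)        # offset of the "PE\0\0" header
    if pe[:2] != b"MZ" or pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    opt = e_lfanew + 24                                     # 4-byte signature + 20-byte COFF header
    (magic,) = struct.unpack_from("<H", pe, opt)
    dirs = opt + {0x10B: 96, 0x20B: 112}[magic]             # data directories: PE32 / PE32+
    (count,) = struct.unpack_from("<I", pe, dirs - 4)       # NumberOfRvaAndSizes
    offset, size = struct.unpack_from("<II", pe, dirs + 4 * 8)  # index 4 = Certificate Table
    return count > 4 and offset != 0 and size != 0

def unsigned_pe_members(zip_bytes: bytes) -> list[str]:
    """Names of PE members with no embedded signature, or with a malformed header."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            data = zf.read(name)
            try:
                if data[:2] == b"MZ" and not has_embedded_signature(data):
                    flagged.append(name)
            except (ValueError, KeyError, struct.error):
                flagged.append(name)  # unparsable PE: treat as suspicious
    return flagged

def toy_pe(signed: bool) -> bytes:
    """Constructed PE32+ header stub for the demo; not a real program or signature."""
    buf = bytearray(0x200)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)                 # e_lfanew
    buf[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", buf, 0x98, 0x20B)                # optional-header magic (PE32+)
    struct.pack_into("<I", buf, 0x98 + 108, 16)             # NumberOfRvaAndSizes
    if signed:
        struct.pack_into("<II", buf, 0x98 + 112 + 32, 0x180, 0x40)
    return bytes(buf)

def build_sample_zip() -> bytes:
    """Constructed archive mirroring the layout in the article; DLL names are placeholders."""
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as zf:
        for name in ("lib1.dll", "lib2.dll", "lib3.dll", "lib4.dll"):
            zf.writestr(name, toy_pe(True))
        zf.writestr("Setup.exe", toy_pe(False))
    return out.getvalue()
```

Calling unsigned_pe_members(build_sample_zip()) returns only Setup.exe. Signature validity and signer identity still have to be confirmed with a real verifier such as Get-AuthenticodeSignature or signtool verify, and catalog-signed Windows files carry no embedded signature, so a hit here is a triage signal rather than a verdict.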