ESET denies it was compromised as Israeli orgs targeted with ‘ESET-branded’ wipers

October 18, 2024 at 07:08AM

ESET has denied being compromised following allegations of a wiper campaign originating from its infrastructure. An infosec researcher reported an email targeting cybersecurity professionals in Israel, linked to a campaign by the pro-Palestine Handala group, but ESET stated it blocked the threat within ten minutes and is investigating the incident.

**Key Takeaways:**

1. **ESET’s Denial of Compromise**: ESET has denied being compromised following allegations of a wiper campaign that falsely appeared to originate from their infrastructure.

2. **Incident Highlighted by Researcher**: Infosec researcher Kevin Beaumont reported that an Israeli company became infected after clicking a malicious email allegedly sent from the ESET Advanced Threat Defense Team.

3. **Email Analysis**:
   - The email passed DKIM and SPF checks but was flagged as malicious by Google Workspace.
   - It was sent on October 8 to cybersecurity professionals in Israel and included a .ZIP download from ESET servers.

4. **Malicious Download Contents**: The download reportedly contained ESET DLLs and a malicious setup.exe, described as “fake ransomware,” potentially linked to the Yanluowang ransomware payload.

5. **Suspicion of Hacktivist Involvement**: The email made calls to a memorial organization related to the Iron Swords War, which raises questions about potential hacktivist involvement based on the timing of the attacks.

6. **ESET’s Official Response**: ESET stated that they were aware of a security incident involving a partner company in Israel, confirmed that a limited malicious email campaign was blocked rapidly, and reassured customers that their security remains intact.

7. **Unknown Source and Possible Perpetrators**: The origin of the malicious activity is still undetermined, but it aligns with the modus operandi of the pro-Palestine Handala group, known for conducting wiper attacks against Israeli entities.

8. **Recent Activities of Handala Group**: The Handala group has targeted various organizations and public figures in Israel, leaking what they claim to be private documents and thus creating national security concerns.

9. **Organizations Affected by Handala**: Recent targets include Doscast, Soreq Nuclear Research Center, Max Shop, and Silver Shadow.

10. **Monitoring and Investigation**: ESET is working closely with its partner to investigate the incident further and is committed to ongoing monitoring of the situation.
