Today's cybersecurity headlines are brought to you by ThreatPerspective


Ethical Hacking News

Phishing Campaign Abuses ESET Partner's Legitimate Email Domain to Distribute a Data Wiper


Wiper attacks delivered by phishing against targets in Israel are becoming harder to spot. A recently reported campaign sent its lure from the legitimate email domain of ESET's Israeli distributor, so the messages passed ordinary sender checks while carrying a destructive payload. Organizations and individuals should treat even authenticated vendor email with care.

  • The phishing emails were sent from the legitimate email domain of ESET Israel's distributor, Comsecure, and delivered a malicious data wiper.
  • The emails passed SPF, DKIM and DMARC checks, but the linked ZIP archive paired DLL files carrying ESET's genuine digital signature with an unsigned Setup.exe.
  • The advertised "ESET Unleashed" program was in fact the wiper, Setup.exe, which appears built to target specific organizations in Israel.
  • Researchers found the wiper hard to detonate on virtual machines and physical PCs, but Kevin Beaumont got it to run properly on a physical PC.
  • The attack adds to concerns about state-backed threat actors using data wipers against targets in Israel, though this campaign has not been attributed.
  • Organizations should treat unexpected security-vendor emails with caution even when they come from a known domain and pass authentication checks, and should verify every executable in a delivered package.



  • Phishing campaigns have become sophisticated enough that individuals and organizations can no longer rely on the sender address to distinguish legitimate email from malicious email. Recently, a campaign was discovered that sent its messages from the legitimate email domain of ESET Israel's distributor, Comsecure, and used them to distribute a data wiper. The emails claimed to come from ESET's Advanced Threat Defense Team and warned recipients that government-backed attackers were targeting their devices. As a remedy, the email offered a supposedly more advanced antivirus tool, "ESET Unleashed", to counter the threat.

    The phishing email passed SPF, DKIM and DMARC checks. Those mechanisms verify that a message really came from infrastructure authorized for the sending domain; they say nothing about whether that infrastructure has been abused or whether the content is safe, so a mail sent through a legitimate partner's domain passes them by design. The download link for the ESET Unleashed program was hosted on the eset.co.il domain, which added further credibility. On closer inspection, however, the ZIP archive contained four DLL files digitally signed with ESET's legitimate code-signing certificate and a Setup.exe file that carried no signature at all. A vendor package whose libraries are signed but whose installer is not is itself a warning sign.
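    The mismatch described above, signed DLLs shipped beside an unsigned installer, can be triaged before anything is executed. The following is an added example written for this article, not code from ESET, Comsecure or the researchers cited. It parses each PE header and reports whether the file carries an Authenticode certificate table (IMAGE_DIRECTORY_ENTRY_SECURITY) and then flags any .exe lacking one when other members of the same package are signed. Presence of a certificate table is not validity: a file that shows "signed" here still needs `signtool verify /pa` or PowerShell's Get-AuthenticodeSignature to confirm the chain. The archive contents used below are constructed header-only fixtures; the DLL names are placeholders, and only Setup.exe is a name from the report.

```python
"""Triage archive members for the 'signed DLLs, unsigned installer' pattern.

Added example for this article (not ESET's, Comsecure's or the researchers'
code).  Detects only the PRESENCE of an Authenticode certificate table in a
PE header; confirm real signatures with signtool or Get-AuthenticodeSignature.
"""
import struct
import zipfile
from typing import Dict, List, Optional, Tuple

IMAGE_DIRECTORY_ENTRY_SECURITY = 4      # data-directory slot of the cert table
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002  # Authenticode uses PKCS#7 SignedData


def certificate_table(data: bytes) -> Optional[Tuple[int, int]]:
    """Return (file_offset, size) of the Authenticode certificate table, or
    None when the bytes are not a PE image or carry no such table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    coff = e_lfanew + 4                          # IMAGE_FILE_HEADER, 20 bytes
    if len(data) < coff + 20:
        return None
    size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20                              # IMAGE_OPTIONAL_HEADER
    if len(data) < opt + size_of_optional:
        return None
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                           # PE32
        rva_count_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:                         # PE32+
        rva_count_off, dirs_off = opt + 108, opt + 112
    else:
        return None
    if struct.unpack_from("<I", data, rva_count_off)[0] <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return None
    entry = dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    if entry + 8 > opt + size_of_optional:
        return None
    offset, size = struct.unpack_from("<II", data, entry)
    # Unlike other directories, this one holds a raw file offset, not an RVA.
    if offset == 0 or size < 8 or offset + size > len(data):
        return None
    _length, _revision, cert_type = struct.unpack_from("<IHH", data, offset)
    if cert_type != WIN_CERT_TYPE_PKCS_SIGNED_DATA:
        return None
    return offset, size


def classify(data: bytes) -> str:
    """'signed' / 'unsigned' for PE images, 'not-pe' for anything else."""
    if len(data) < 2 or data[:2] != b"MZ":
        return "not-pe"
    return "signed" if certificate_table(data) else "unsigned"


def triage(members: Dict[str, bytes]) -> Dict[str, str]:
    return {name: classify(data) for name, data in members.items()}


def flag_unsigned_executables(report: Dict[str, str]) -> List[str]:
    """Executables without a certificate table in a package where at least
    one other member IS signed: the inconsistency the report describes."""
    if "signed" not in report.values():
        return []
    return sorted(n for n, s in report.items()
                  if s == "unsigned" and n.lower().endswith(".exe"))


def triage_zip(path: str) -> Dict[str, str]:
    """Run the triage over a real archive without extracting it to disk."""
    with zipfile.ZipFile(path) as zf:
        return triage({i.filename: zf.read(i) for i in zf.infolist() if not i.is_dir()})


def build_minimal_pe(signed: bool, pe32plus: bool = False) -> bytes:
    """Constructed fixture: header-only PE image with an optional placeholder
    WIN_CERTIFICATE appended.  Not runnable code and not real malware."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    opt_size = (112 if pe32plus else 96) + 16 * 8
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 0, 0, 0, 0, opt_size, 0x0002)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    rva_count_off = 108 if pe32plus else 92
    struct.pack_into("<I", opt, rva_count_off, 16)                # NumberOfRvaAndSizes
    cert = b""
    if signed:
        payload = b"\x30\x82\x00\x00"                             # stands in for DER PKCS#7
        cert = struct.pack("<IHH", 8 + len(payload), 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + payload
        header_len = len(dos) + 4 + len(coff) + opt_size
        struct.pack_into("<II", opt, rva_count_off + 4 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                         header_len, len(cert))
    return dos + b"PE\0\0" + coff + bytes(opt) + cert


# Constructed stand-in for the archive described in the report: four signed
# DLLs (placeholder names) next to an unsigned Setup.exe and a text file.
SAMPLE_ARCHIVE: Dict[str, bytes] = {
    f"lib{i}.dll": build_minimal_pe(signed=True, pe32plus=(i % 2 == 0)) for i in range(1, 5)
}
SAMPLE_ARCHIVE["Setup.exe"] = build_minimal_pe(signed=False)
SAMPLE_ARCHIVE["readme.txt"] = b"constructed non-PE member"

if __name__ == "__main__":
    report = triage(SAMPLE_ARCHIVE)
    for name, status in sorted(report.items()):
        print(f"{status:9} {name}")
    print("flagged:", flag_unsigned_executables(report))
```

    On a real sample the same call is `triage_zip("ESET_Unleashed.zip")`; anything it flags deserves a full signature verification and detonation only in an isolated analysis environment.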

    When the "ESET Unleashed" package is run, the unsigned Setup.exe turns out to be a data wiper that appears built to target specific organizations in Israel. Researchers reported that it uses several evasion techniques and that it creates a mutex previously associated with the Yanluowang extortion/ransomware group.

    Researchers who tried to run the wiper on virtual machines and physical PCs found it difficult to make it execute. Security researcher Kevin Beaumont reported that he did get it to detonate properly on his physical PC, where it reached out to a legitimate Israeli website, www.oref.org.il.

    The campaign adds to concerns about increasingly capable state-backed threat actors deploying data wipers against targets in Israel. In 2017, an anti-Israel, pro-Palestinian wiper called IsraBye was used in attacks on Israeli organizations, and in 2023 Israel saw a wave of BiBi wiper attacks against the education and technology sectors.

    Many of those earlier attacks were linked to Iranian threat actors whose aim was not revenue but disruption of Israeli organizations and the wider economy. This campaign has not been attributed to any particular threat actor or hacktivist group. Whoever is behind it, it shows how much weight a compromised legitimate sender and a genuine vendor signature can lend to a malicious download.

    In light of this campaign, organizations in Israel should be cautious about unsolicited emails claiming to come from ESET, including messages that arrive from a known vendor or partner domain and pass authentication checks, and should confirm unexpected security alerts through the vendor's official channels before downloading anything. Every executable in a delivered package should carry a valid signature from the vendor; an unsigned installer alongside signed libraries is a reason to stop. Individuals are also urged to keep their antivirus software updated and to maintain tested offline backups, since a wiper's damage is only recoverable from a copy it could not reach.

    Related Information:

  • https://www.bleepingcomputer.com/news/security/eset-partner-breached-to-send-data-wipers-to-israeli-orgs/

  • https://thehackernews.com/2024/10/sidewinder-apt-strikes-middle-east-and.html

  • https://www.bleepingcomputer.com/news/security/new-bibi-wiper-version-also-destroys-the-disk-partition-table/


  • Published: Fri Oct 18 14:54:41 2024 by llama3.2 3B Q4_K_M
    © Ethical Hacking News . All rights reserved.