ESET-Branded Wiper Attack Targets Israel; Firm Denies Compromise

The security firm is denying an assessment that its systems were compromised in Israel by pro-Palestinian cyberattackers, but acknowledged an attack on one of its partners.

[Tara Seals, Managing Editor, News, Dark Reading](/author/tara-seals)

October 18, 2024

Security firm ESET is refuting reports that cyberattackers compromised its platforms and used them to target customers in Israel with dangerous wiper malware. However, it did note that a partner there, Comsecure, was impacted.

‘We are aware of a security incident which affected our partner company in Israel last week,’ [the firm acknowledged](https://x.com/ESETresearch/status/1847192384448172387) on social media platform X. ‘Based on our initial investigation, a limited malicious email campaign was blocked within ten minutes. ESET technology is blocking the threat and our customers are secure. ESET was not compromised and is working closely with its partner to further investigate and we continue to monitor the situation.’

Security researcher Kevin Beaumont (aka Gossi the Dog) prompted the response after blogging about a malicious email that [an ESET user posted](https://forum.eset.com/topic/42733-government-backed-attackers-may-be-trying-to-compromise-your-device-email/) on the ESET user forum. The email was flagged as malicious, with the subject line, ‘Government-Backed Attackers May Be Trying to Compromise Your Device!’ It purported to be from the ESET team, offering extra security defense in the face of an ongoing attack:

![ESET_Email.png](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/bltf5a94a4994591ba6/6712940a0afe0a93ff319614/ESET_Email.png?width=484&auto=webp&quality=80&disable=upscale)

Source: ESET user forum.

The email had a .ZIP attachment that, if opened, unpacked a [destructive wiper malware](https://www.darkreading.com/cyberattacks-data-breaches/wiper-malware-surges-ahead-spiking-53-in-3-months) that bears resemblance to that used by the [Handala threat group](https://www.splunk.com/en_us/blog/security/handalas-wiper-threat-analysis-and-detections.html), according to the person who flagged the email for Beaumont. Handala, so named for the [political cartoon character](https://en.wikipedia.org/wiki/Handala) that has come to personify the Palestinian people’s national identity, is known for [targeting Israeli organizations](https://www.trellix.com/blogs/research/handalas-wiper-targets-israel/) with file-destroying wipers in the wake of the Oct. 7 Hamas attacks and resulting war.

‘I managed to obtain the email, which [passes both DKIM and SPF checks](https://www.darkreading.com/vulnerabilities-threats/3-major-email-security-standards-falling-down-on-the-job) for coming from ESET’s store,’ Beaumont noted [in the blog post](https://doublepulsar.com/eiw-eset-israel-wiper-used-in-active-attacks-targeting-israeli-orgs-b1210aed7021). ‘Additionally, the link is indeed to backend.store.eset.co.il — owned by ESET Israel.’

[This led Beaumont to conclude](https://infosec.exchange/@GossiTheDog@cyberplace.social/113325081891565526) via Mastodon, ‘ESET Israel definitely got compromised, this thing is fake ransomware that talks to an Israeli news org server for whatever reason.’

ESET has now categorically refuted that takeaway, so the assumption is that the cyberattackers were using some sort of MO to [get around anti-spoofing measures](https://www.darkreading.com/threat-intelligence/20-million-trusted-domains-vulnerable-to-email-hosting-exploits) for the email and the .ZIP link. ESET did not immediately return a request for comment from Dark Reading for more information on Comsecure’s role in the incident and the attack routine.

The campaign is now blocked for ESET customers.

About the Author
----------------

[Tara Seals, Managing Editor, News, Dark Reading](/author/tara-seals)
Tara Seals has 20+ years of experience as a journalist, analyst and editor in the cybersecurity, communications and technology space. Prior to Dark Reading, Tara was Editor in Chief at Threatpost, and prior to that, the North American news lead for Infosecurity Magazine. She also spent 13 years working for Informa (formerly Virgo Publishing), as executive editor and editor-in-chief at publications focused on both the service provider and the enterprise arenas. A Texas native, she holds a B.A. from Columbia University, lives in Western Massachusetts with her family and is on a never-ending quest for good Mexican food in the Northeast.

Related Tags:
NAICS: 92 – Public Administration

NAICS: 51 – Information

NAICS: 928 – National Security And International Affairs

Blog: Dark Reading

Phishing: Spearphishing Link

Phishing: Spearphishing Attachment

Phishing

Impair Defenses: Disable or Modify Tools

Impair Defenses
