“Hey ESET, Wait for the Leak”: Dissecting the “OctoberSeventh” Wiper targeting ESET customers in Israel

submitted by
Style Pass
2024-10-23 21:30:17

In October 2024, attackers targeted Israeli organizations by exploiting a trusted source: ESET’s local partner, Comsecure. Apparently, they compromised Comsecure’s infrastructure and used it to send phishing emails disguised as official communications from ESET.

These emails contained a malicious download link that purported to lead to a legitimate tool but actually delivered wiper malware (which I internally named OctoberSeventh) designed to wipe data on victim systems.

What makes this attack particularly interesting is the exploitation of an established partner of a globally trusted cybersecurity firm, leveraging the inherent trust that customers place in such relationships. By embedding wiper malware in files that appeared to come from ESET, the attackers succeeded in distributing a destructive payload under the guise of a routine security update.

The motivation behind this attack appears to be geopolitically driven, given its exclusive focus on Israeli entities during a time of heightened regional tension. In my opinion, it illustrates the evolving sophistication of cyber threat actors who rely not only on advanced malware but also on sophisticated social engineering and supply chain infiltration techniques.
