Israeli organizations have been targeted by a malicious email campaign impersonating the IT security company ESET. By utilizing the systems of Comsecure, the exclusive distributor of ESET products within Israel, an unknown threat actor is sending an otherwise seemingly legitimate email, signed by ESET’s Advanced Threat Defense team, that encourages recipients to download a .zip file and execute a malicious .exe containing a wiper program.

This campaign, which was likely conducted by Iran-linked actors, appears to have been going on since October 9, 2024. At least one Israeli organization was successfully hit by this attack. ESET announced they are aware of the incident and are launching an investigation, while maintaining that the ESET’s networks have not been impacted at any time.

This incident demonstrates the threat of third-party risk, as malicious actors can successfully gain illicit access to a wide swathe of organizations by compromising a trusted vendor in a particular sector. Members should be aware of their organization’s policies regarding water sector specific third parties and external files, as this is a potential vector for threat actors to target a large number of utilities at once. Read more at SecurityWeek.