Ransomware/Malware Activity
ESET Distributor Breached, Data Wipers Sent to Israeli Organizations
Cybercriminals have allegedly breached Comsecure, an Israeli distributor of ESET's software and cybersecurity products, to send phishing emails to Israeli organizations containing data wiping malware disguised as cybersecurity software. The phishing campaign began on October 8th, when emails from the legitimate eset[.]co[.]il domain were sent to Israel-based customers from ESET's "Advanced Threat Defense Team". The phishing emails warned that the recipient had recently been targeted by government-backed attackers and offers the recipient a link to download an advanced cybersecurity tool: "ESET Unleashed". The link directs users to the legitimate eset[.]co[.]il domain which hosts a ZIP archive containing four DLL files digitally signed by ESET's code signing certificate along with an executable "Setup.exe" that is not signed. "Setup.exe" is the data wiper, designed to delete all the files off of a victim's computer while corrupting the partition table to make data recovery difficult. ESET released a statement on October 18th, 2024, noting that the company was "...aware of a security incident which affected our partner company in Israel last week". ESET's announcement states that a "limited malicious campaign was blocked within ten minutes", and that their customers are secure. As of the time of this writing, the attack has not yet been attributed to a specific threat actor. CTIX analysts will continue to report on new and emerging forms of malware and associated campaigns.
- Bleeping Computer Article: ESET Partner Breached
- Security Week Article: ESET Distributors Systems Abused
Threat Actor Activity
China's Spamouflage Campaign Targeting U.S. Senator Marco Rubio
The Chinese disinformation campaign known as Spamouflage has honed its focus on U.S. Senator Marco Rubio, employing new tactics to test the effectiveness of its influence operations. Researchers from Clemson University have observed Spamouflage targeting Rubio's X account, marking a shift from their 2022 strategy, which involved flooding social media with supportive but poorly crafted content. This historical approach aims to drown out genuine messages and create noise that makes it difficult for real discourse to be heard - to sweep an unflattering topic under the rug. In their latest efforts, Spamouflage has shifted to using more authentic-looking hijacked accounts to spread anti-Rubio content across platforms such as X, Reddit, and Medium. The content is notably well-written, potentially leveraging AI or large language models (LLMs) to create material. This evolution in tactics away from boosting narratives suggests an alignment with Russian disinformation strategies, focusing on creating divisions and highlighting U.S. domestic issues. Senator Rubio, a known critic of China, has acknowledged the increasing aggression of China's information operations, stressing the importance of addressing these efforts. Researchers warn against underestimating China's sophistication in conducting influence campaigns, emphasizing the nuanced and complex nature of their operations.
Vulnerabilities
Critical Vulnerabilities in Multiple Major End-to-End Encrypted Cloud Storage Platforms Impact Tens of Millions of People
Cybersecurity researchers from ETH Zurich uncovered significant cryptographic vulnerabilities in several major end-to-end encrypted (E2EE) cloud storage platforms, including Sync, pCloud, Icedrive, Seafile, and Tresorit, collectively used by over 22 million people. These flaws allow attackers to inject, tamper with, or access user data by exploiting a compromised server. The vulnerabilities include unauthenticated key material, encryption protocol downgrades, and metadata manipulation, which compromise file confidentiality, integrity, and user security. Specific weaknesses, such as Sync's exposure of shared passwords and key injection issues, pCloud's encryption tampering, and Icedrive's unauthenticated CBC encryption, make these systems vulnerable to attackers, including nation-state actors and skilled hackers. Despite these concerns, Tresorit fared relatively better, with issues confined to metadata and public key handling, though improvements are planned for 2025. While Icedrive declined to address the identified flaws, other providers have begun responding, with some issues already patched. This research underscores the gap between the security claims of E2EE platforms and the real-world risks they face, highlighting the need for stronger cryptographic safeguards across the industry. CTIX analysts will continue to report on new and novel vulnerabilities to keep our readers informed about the potential threats to their data.
- The Hacker News: E2EE Cloud Vulnerabilities Article
- Bleeping Computer: E2EE Cloud Vulnerabilities Article
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
