Phishing Attacks Targeting Ukraine: ESET Impersonation and Kalambur Backdoor

Описание: What youll learn: In this video, we explore a recent phishing campaign targeting Ukrainian entities, where attackers impersonated the Slovak cybersecurity firm ESET. We delve into the specifics of the InedibleOchotense campaign, the tactics used by threat actors, and the implications for cybersecurity in Ukraine.

On November 6, 2025, a new cybersecurity threat emerged, highlighting a phishing campaign targeting Ukrainian entities. This campaign, attributed to a group known as InedibleOchotense, impersonates the Slovak cybersecurity company ESET. The significance of this development lies in the ongoing cyber warfare associated with the conflict in Ukraine, as threat actors continue to exploit vulnerabilities and manipulate trust to gain access to sensitive information.

The phishing campaign was detected in May 2025. ESET reported that InedibleOchotense sent spear-phishing emails and messages via Signal, directing recipients to download a trojanized ESET installer. This installer not only delivered the legitimate ESET AV Remover but also included a malicious backdoor known as Kalambur. The campaign is linked to the broader activities of the Sandworm hacking group, which has a history of targeting Ukraine.

The impact of this campaign is significant, as it targets various Ukrainian organizations that rely on ESET software for cybersecurity. By exploiting ESET's brand reputation, attackers aim to trick users into installing malware, potentially leading to unauthorized access and data breaches. Organizations in Ukraine should be vigilant, ensuring they verify the authenticity of communications and only download software from official sources. Implementing robust cybersecurity training for employees can help mitigate risks associated with such phishing attempts.

Moving forward, cybersecurity experts and organizations must remain alert to the evolving tactics of threat actors like InedibleOchotense. Continued monitoring of phishing attempts and sharing intelligence within the cybersecurity community will be crucial. Organizations should also consider enhancing their cybersecurity measures, including regular software updates and employee training on recognizing phishing attempts. Additionally, watching for updates from ESET and CERT-UA regarding ongoing investigations into these threats will be essential for maintaining security.