A decade of research from ESET Canada

ESET recently celebrated 10 years since setting up a leading research centre on the campus of École Polytechnique Montreal.

A global leader in providing protection against digital threats, ESET is also at the forefront of research projects that identify web-based risks and malware threats. Since it was officially opened on April 17th, 2012, its Montreal technological hub has specialized in advanced R&D in computer security, specifically malware analysis.

“ESET has set up technological hubs around the world to ensure that the sun never sets on our research,” says Jean-Ian Boutin, Director of Threat Research at ESET. “We have an incredible team in Montreal working together to build ESET Canada into a leading hub of research into cyberthreats. We are proud of the significant contributions our Montreal team has made to identify cyber threats and make the global digital world more secure.”

ESET’s Montreal technological hub originated as part of the research ecosystem at École Polytechnique Montreal before it evolved and established itself as a separate ESET entity. It currently employs 14 staff.

The following is a timeline highlighting the significant cyber threats identified by the ESET Montreal team over the past decade:

  • 2014: Research into Operation Windigo — an attack on thousands of Linux and Unix servers that began in 2011 — earned ESET’s Montreal team the first-ever Péter Szőr Award, given to the best research work of the year in the field of computer security. ESET also assisted the FBI in its investigation of Windigo, resulting in one of the co-conspirators being arrested, extradited to the United States and sentenced to 46 months in prison.
  • 2016: ESET researchers publish a comprehensive paper on Sednit (also known as APT28 or Fancy Bear), which targets high-profile organizations connected to international geopolitics. Two years later, ESET uncovers the sophisticated LoJax malware used by Sednit to target government organizations in the Balkans and both Central and Eastern Europe. A detailed analysis of the backdoor was outlined in a whitepaper, as well as presented at several conferences, including Black Hat Europe and BlueHat.
  • 2017: An investigation into Stantinko, a complex and slowly developing adware campaign first launched in 2012, showed that an estimated half-million users in Eastern Europe were impacted. ESET’s Montreal researchers successfully identified the devious methods used by Stantinko to stay under the radar for several years, and published a whitepaper giving analysts tools to detect and clean systems.
  • 2018: After fraudsters took advantage of tax season in Canada with a sophisticated phishing scam that lured victims using fake tax refund forms and fake Interac e-transfers, Montreal researchers investigated a list of domains used behind the attacks.
  • 2019: ESET researchers discovered a backdoor linked to malware used by the Stealth Falcon group, an operator of targeted spyware attacks against journalists, activists and dissidents in the Middle East since 2012.
  • 2019: A Montreal-made "social search engine" application managed to become widely spread adware, prompting the research team to investigate. The team discovered techniques used by Wajam to inject web traffic that became increasingly devious and persistent as newer versions were released, contributing to needed investigation around adware and PUAs.
  • 2020: Researchers took part in a global operation to disrupt Trickbot botnets, collaborating with partners including Microsoft, Lumen’s Black Lotus Labs and NTT Ltd. Throughout its monitoring, ESET analyzed thousands of malicious samples every month to help this effort.
  • 2021: Following the launch of the mobile applications (VaxiCode and VaxiCode Verif) that allowed the storage and verification of the vaccination passport by the Quebec Government, a flaw was discovered by ESET researchers that permitted hackers to bypass QR code verification mechanisms and have a forged QR code recognized as valid.
  • 2022: Since the start of the invasion, the Montreal team has been involved in research related to cyberattacks targeting Ukrainian infrastructure, such as HermeticWiper, IsaacWiper, CaddyWiper and Industroyer2. The latter was trying to take down Ukraine’s power grid.

The work of the Montreal technological hub is often posted on ESET’s blog, welivesecurity.com.

The Montreal research hub is one of 13 such centres ESET maintains around the world, including locations in Slovakia, San Diego, Argentina, Singapore, Czechia and Poland.

About ESET

For more than 30 years, ESET® has been developing industry-leading IT security software and services to protect businesses, critical infrastructure and consumers worldwide from increasingly sophisticated digital threats. From endpoint and mobile security to endpoint detection and response, as well as encryption and multifactor authentication, ESET’s high-performing, easy-to-use solutions unobtrusively protect and monitor 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company that enables the safe use of technology. This is backed by ESET’s R&D centers worldwide, working in support of our shared future. For more information, visit www.eset.com or follow us on LinkedIn, Facebook, and Twitter.