Recognized research & discoveries serving cybersecurity

ESET researchers, analysts and software engineers
Research & Development centres worldwide
Unique, new malware samples detected every day
1 billion+
People worldwide protected

Research is at the heart of ESET and its technology and has been from the very beginning. It all started with a discovery when, in 1987, ESET co-founders Miroslav Trnka and Peter Paško discovered one of the first viruses in the world, named Vienna.

Through the years, ESET and its researchers have been credited with many discoveries and have scored accolades for many of their research works. From recent years, in 2018, ESET discovered LoJax –
the first UEFI rootkit found in the wild, deployed by the infamous Sednit APT group.

Our researchers regularly present at industry conferences such as RSA, Black Hat, Virus Bulletin and CARO just to name a few. They also devote their time to educate future researchers and security experts at universities.

Most notable ESET Threat Research

February-December 2022

Wiper attacks in Ukraine

Ukraine has been hit by cyberattacks that involved data-wiping malware: HermeticWiper, IsaacWiper, CaddyWiper, and others. The first wave of attacks started with the Russian invasion of Ukraine.


April 2022


Sandworm attackers made an unsuccessful attempt to deploy the Industroyer2 malware against high-voltage electrical substations in Ukraine. ESET researchers worked closely with CERT-UA on this discovery.

April 2022

Zloader disruption

ESET has collaborated with Microsoft and others in an attempt to disrupt known Zloader botnets. Zloader started as a banking trojan, but later evolved to become a distributor of several types of malware, especially ransomware.

April 2022

UEFI vulnerabilities

ESET researchers have discovered and analysed three vulnerabilities affecting various Lenovo consumer laptop models.

July 2022

CloudMensis spyware

ESET researchers discovered the macOS backdoor CloudMensis that spies on users of compromised Macs and exclusively uses public cloud storage services to communicate with its operators.

September 2022

Lazarus operations

ESET researchers uncovered and analysed a set of malicious tools that were used by the infamous Lazarus APT group in attacks during 2021. One was designed to disable various Windows monitoring features.

October 2022


ESET researchers analysed previously undocumented custom backdoors and cyberespionage tools deployed in Israel by the POLONIUM APT group.

December 2022


ESET researchers discovered a spearphishing campaign targeting Japanese political entities a few weeks before the House of Councillors elections and uncovered a MirrorFace credential stealer.


December 2021

Jumping the air-gap

ESET researchers analysed all malicious frameworks used to attack air-gapped networks known to date. Air-gapping is used protect the most sensitive networks.

August 2019- December 2021

Latin American banking trojans

ESET Research published a series of blogposts dedicated to demystifying Latin American banking trojans, an evolving threat mainly targeting Brazil, Spain and Mexico.

November 2021

Candiru spyware

Discovery of strategic web compromise attacks against high-profile websites in the Middle East with a strong focus on Yemen. The attacks were linked to spyware-producing company Candiru.

October 2021

UEFI bootkit ESPecter

Discovery of a real-world UEFI bootkit that persists on the EFI System Partition (ESP). The bootkit can bypass Windows Driver Signature Enforcement to load its own unsigned driver for espionage.

August 2021

IIS threat research

ESET Research discovered 10 previously undocumented malware families, implemented as malicious extensions for Internet Information Services (IIS) web server software.

May 2021

Android stalkerware

ESET Research conducted an in-depth analysis of stalkerware and discovered 158 serious security and privacy issues across 58 different applications.

March 2021


ESET Research discovered that at least ten different APT groups were exploiting Microsoft Exchange vulnerabilities ProxyLogon to compromise email servers before and shortly after the vulnerability chain was patched.

February 2021


Discovery of Kobalos, complex Linux malware targeting supercomputers. ESET worked with CERN in mitigating these attacks.

June 2020


Investigating a new campaign by the InvisiMole group, ESET researchers uncovered the group’s updated toolset as well as previously unknown details about its stealthy mode of operation.

February 2020

The KrØØk vulnerability

ESET researchers uncovered a previously unknown security flaw allowing an adversary to decrypt some wireless network packets transmitted by vulnerable devices.

June 2020

Operation In(ter)ception

ESET researchers uncovered targeted attacks against high-profile aerospace and military companies in Europe and the Middle East.

October 2020

TrickBot disruption

ESET has collaborated in a Microsoft-led effort to disrupt the TrickBot botnet, providing technical analysis, statistical information, and known command and control server domain names and IPs.

October 2018


Following long-term tracking of the infamous BlackEnergy group targeting critical infrastructure, ESET research discovered its successor: the GreyEnergy group.

October 2019

Operation Ghost

ESET researchers uncovered new activity of the infamous espionage group, the Dukes, including three new malware families.

October 2019

Winnti Group arsenal

As part of their extensive tracking of the Winnti Group, ESET researchers revealed updates to the group’s malware arsenal and campaigns.

October 2019

Attor espionage platform

ESET researchers discovered a previously unreported cyberespionage platform used in targeted attacks against diplomatic missions and governmental institutions, and privacy-concerned users.

November 2018

3ve disruption

ESET Research contributed to international law enforcement operation against 3ve, a major online ad fraud operation.

ESET Threat Report

ESET APT Activity Report

Software vulnerabilities

While ESET Research primarily focuses on malware, some investigations lead to discovering software vulnerabilities.

While respecting legitimate business interests of vendors of hardware, software, and services, our aim is to protect the broad community of users of internet/IT-related products and/or services.

If we believe we have discovered a vulnerability in a third-party product or service, we adhere to principles of responsible disclosure. Along with that, we do our best to reach out to the vendor to inform them about our findings. However, we reserve the option of disclosing the discovery to a trusted third party, such as a national CSIRT.

Research & development centers

  • Bratislava, Košice and Žilina, Slovakia
  • Prague, Brno and Jablonec nad Nisou, Czech Republic
  • Krakow, Poland
  • Montreal, Canada
  • San Diego, United States
  • Buenos Aires, Argentina
  • Singapore
  • Iasi, Romania
  • Taunton, United Kingdom