Operation Cleaver Hackers Return, Now Use LinkedIn to Target Victims


Karamjit

Hackers create a fake LinkedIn network around them so they can contact and infiltrate legitimate companies

Iran-based hackers are building a network of fake LinkedIn user profiles with the aim of entering business circles for telecommunications and defense contractors.

According to Dell's SecureWorks Counter Threat Unit Threat Intelligence team, the group, which they've internally named Threat Group-2889 (TG-2889), seems to be the same group of hackers that Cylance and the FBI warned about in December 2014, when they carried out Operation Cleaver with the purpose of infiltrating critical infrastructure points around the world.

Dell says that the group is now building a network of fake user profiles on LinkedIn, creating fake identities for high-tech professionals and trying to get in contact with various companies in different countries.

The group is particularly interested in domains like aerospace, defense, military, chemical, energy, government, and education. Most targets are from the telecommunications field, from companies located in the Middle East and North Africa.

In fact, countries in the Middle East make up the majority of targeted states. The top 5 are Saudi Arabia (39 businesses), Qatar (28), United Arab Emirates (27), Pakistan (17), and the United States (12).

Analysis of the Linked network of fake profiles

Dell has managed to identify 25 of the fake LinkedIn profiles so far, and says that they've all been created to support 8 accounts, called "leader personas."

The other accounts exist only to support the leaders, giving them credibility and creating a network of followers around them.

While the follower accounts are quite spartan, the leader accounts are very well maintained and have a lot of details, with the TG-2889 members going the distance to join various LinkedIn groups and even updating their listings regularly, changing names and pictures before someone catches on.

This type of social engineering scam is not new: it was used before, in May 2014, by another Iran-based threat group, and again this past September, when a similar network of fake LinkedIn personas was being built around InfoSec professionals.

Source
