Iran-based hackers use fake LinkedIn profiles to spy on targets

RESTRICTIONS: NONE

A new report by a research team at Dell SecureWorks has uncovered a network of fake LinkedIn profiles suspected of being created by Iran-based hackers in order to obtain confidential information from targets.

According to CNN, 25 fake profiles were found, 8 of them ‘leaders’ with fully developed professional profiles posing as recruiters for international companies such as Teledyne, Airbus, Northrop Grumman, Doosan, and Petrochemical Industries, Co. The other 17 profiles were less developed, likely ‘supporters’ that would lend legitimacy to the leaders through connections and endorsements. Six of the eight leaders had as many as 500 connections, while the remaining two had 275 and 46.

Researchers identified the group as “TG 2889” and said they were likely operating from Iran, since a majority of the 204 targets were from the Middle East and North Africa, while 12 were from the U.S.

The report suggests that once connected, hackers could send malicious software in links and attachments, compromising their targets’ devices and allowing them access to sensitive information. The report didn’t specify whether the group was able to access any valuable information, but the fake profiles have since been removed by LinkedIn, according to NBC.

RUNDOWN SHOWS:
1. Hacker on a LinkedIn profile
2. Network of fake profiles
3. Target sectors
4. Sending malicious software
5. Map view of hackers & targets’ country of origin

VOICEOVER (in English):

“Researchers at Dell SecureWorks have uncovered a network of fake LinkedIn profiles that were used to spy on hundreds worldwide.”

“25 fake profiles were found, 8 of them ‘leaders’ posing as recruiters for international companies.”

“17 ‘supporters’ legitimized the leaders through connections and endorsements.”

“6 of the 8 leaders had as many as 500 connections.”

“The hackers appeared to target users working in the telecom, government, and defense sectors.”

“The report suggests that once connected, hackers could send malicious software in links and attachments, potentially allowing access to sensitive information.”

“Researchers believe the group was likely operating from Iran. A majority of the 204 targets were from the Middle East and North Africa, while 12 were from the U.S.”

SOURCES:
Dell SecureWorks, CNN, NBC, SC Magazine
http://www.secureworks.com/cyber-threat-intelligence/threats/suspected-iran-based-hacker-group-creates-network-of-fake-linkedin-profiles/
http://edition.cnn.com/2015/10/07/politics/iran-hackers-linkedin/
http://www.nbcnews.com/tech/security/iran-based-hackers-created-network-fake-linkedin-profiles-report-n440261
http://www.scmagazine.com/iran-threat-group-that-created-fake-linkedin-personas-likely-intent-on-cyberespionage/article/443718/