LinkedIn ‘Job Offers’ Targets Aerospace, Military Firms With Malware

2020-06-17 09:30

Attackers are impersonating human resource employees from Collins Aerospace and General Dynamics in a spear-phishing campaign leveraging LinkedIn's messaging service.

"To operate under the radar, the attackers frequently recompiled their malware, abused native Windows utilities and impersonated legitimate software and companies. To our knowledge, the custom malware used in Operation In(ter)ception hasn't been previously documented."

"Neither the malware analysis nor the investigation allowed us to gain insight into what exact file types the attackers were aiming for."

Paul Rockwell, head of trust and safety with LinkedIn, said that the creation of a fake account or fraudulent activity with an intent to mislead or lie to LinkedIn members "Is a violation of our terms of service." He said, at this time the attacker owned accounts in question have been permanently restricted.

"In the investigated cases, the adversaries used LinkedIn to select employees of the targeted military and defense companies and subsequently approached them with fake job offers. Unafraid of direct contact, the attackers chatted with the victims to convince them to open malicious files."

News URL

https://threatpost.com/linkedin-job-offers-targeted-aerospace-military-firms-with-malware/156614/

#linkedin #malware #military