Security News

The Iran-affiliated APT known as Charming Kitten is back with a new approach, impersonating Persian-speaking journalists via WhatsApp and LinkedIn, in order to con victims into opening malicious links. To lend verisimilitude to their impersonations, the cybercriminals also set up fake LinkedIn profiles corresponding to the journalists' names, and have been sending out LinkedIn messages to corner victims as well.

The hackers used a personalized URL, tailored to the victim's email address, to trick them into accessing the malicious link, and also attempted to send a malicious ZIP file to the victim. "Clearsky alerted 'Deutsche Welle' about the impersonation and the watering hole in their website. A 'Deutsche Welle' representative confirmed that the reporter which Charming Kitten impersonated, did not send any emails to the victim nor any other academic researcher in Israel in the past few weeks," the security firm says.

The nation-state threat operator Lazarus Group is being tied to a recent phishing campaign that targeted admins at a cryptocurrency firm via LinkedIn messages. Researchers say that the recently identified a series of incident that were part of a broader campaign targeting businesses worldwide through LinkedIn messages sent to targets' personal LinkedIn accounts.

Infosec biz F-Secure has uncovered a North Korean phishing campaign that targeted a sysadmin with a fake Linkedin job advert using a General Data Protection Regulation themed lure. The sysadmin worked for a cryptocurrency business, said the threat intel firm, which made him a ripe target for the money-hungry state hackers Lazarus Group, aka APT38, supposedly backed by North Korea.

The Russian hacker accused of raiding LinkedIn, Dropbox and Formspring, and obtaining data on 213 million user accounts, has been found guilty. The jury reckoned Nikulin probably swiped the LinkedIn account details, all 117 million of them, for commercial gain, though they didn't think greed played a role in his theft of 28 million account records from Formspring and 68 million from Dropbox.

Microsoft's social-media-for-suits tentacle, LinkedIn, has attracted legal fire for allegedly peering at the clipboard of iOS devices. As well as doubtless making the podcast app a bit worse, the upcoming version of Apple's mobile OS also features a bunch of privacy features, including a notification telling the user when an app is reading from the device's clipboard.

A Russian national accused of hacking into online platforms LinkedIn, Formspring, and Dropbox was found guilty by a United States jury last week. The man, Yevgeniy Aleksandrovich Nikulin, 32, was arrested in 2016 in the Czech Republic, and remained incarcerated there for two years, before being extradited to the U.S. In 2016, U.S. authorities charged Nikulin with accessing without authorization the systems of LinkedIn, Dropbox and Formspring in 2012, using stolen employee credentials.

Interesting story of how the police can identify someone by following the evidence chain from website to website. According to filings in Blumenthal's case, FBI agents had little more to go on when they started their investigation than the news helicopter footage of the woman setting the police car ablaze as it was broadcast live May 30.

Attackers are impersonating human resource employees from Collins Aerospace and General Dynamics in a spear-phishing campaign leveraging LinkedIn's messaging service. "To operate under the radar, the attackers frequently recompiled their malware, abused native Windows utilities and impersonated legitimate software and companies. To our knowledge, the custom malware used in Operation In(ter)ception hasn't been previously documented."

The man accused of hacking LinkedIn, Dropbox and the Formspring Q&A forum, and later selling the stolen data of hundreds of millions of users, has seen his trial disrupted a third time by the coronavirus pandemic. At a hearing on Tuesday, Judge William Alsup again delayed the US trial of alleged Russian hacker Yevgeniy Nikulin until June 1; the third such delay since the COVID-19 virus appeared in San Francisco, where proceedings are unfolding.