Tension from the cyber conflict between the United States and its allies on one side and Iran on the other keeps growing. Although some information security specialists consider Iranian state hackers to be far behind the U.S. government in capabilities and resources, that gap does not apply in the same way to the technology infrastructure of American private companies.
Information security firm FireEye reports that the hacking group tracked as APT34, linked to the government of Iran, has launched a phishing campaign targeting users of the professional social network LinkedIn. The operators send U.S. LinkedIn users invitations to join professional networks; the goal is to deliver malware to the victims’ systems and extract confidential information through a backdoor.
“This hacker group shows a clear interest in gaining access to organizations in strategic sectors, such as finance, energy companies, and government organizations,” the FireEye report states. According to the firm, one of the lures is a fake invitation purporting to come from a prestigious institution, such as the University of Cambridge, that includes links to download the malicious files.
In this campaign the attackers used new malware variants that collect information from infected systems and send it back to the attacker through a backdoor. A credential-theft tool was also observed extracting data stored in Windows Vault. “Theft of login credentials is critical for this campaign,” the researchers said.
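Since the report singles out Windows Vault as the credential store being harvested, a defender’s first question is what a vault-dumping tool would actually find on a given host. The following PowerShell script is an added example written for this article; it is not FireEye’s code nor anything recovered from the campaign. It assumes a Windows 10/11 host with the built-in cmdkey.exe and vaultcmd.exe, inventories the entries in Credential Manager by type, and checks whether PowerShell script block logging (the policy that records Event ID 4104) is enabled, because many vault dumpers are delivered as PowerShell.

```powershell
# Added example, not code from FireEye or from the campaign's tooling.
# Defensive inventory of what a Windows Vault / Credential Manager theft tool
# could reach on this host, plus a check that PowerShell script block logging
# is turned on (credential dumpers are frequently PowerShell-based).
# Assumes a Windows 10/11 host with the built-in cmdkey.exe and vaultcmd.exe.

function Get-StoredCredentialInventory {
    [CmdletBinding()]
    param()

    # cmdkey /list prints one "Target: <name>" line per entry in the
    # Windows Credentials vault. Parse those lines into objects.
    $targets = & cmdkey.exe /list 2>$null | ForEach-Object {
        if ($_ -match '^\s*Target:\s*(.+?)\s*$') { $Matches[1] }
    }

    foreach ($t in $targets) {
        # The entry name prefix tells what kind of secret is stored.
        $category = switch -Regex ($t) {
            '^Domain:'           { 'Domain password (SSO, RDP/TERMSRV, SMB)'; break }
            '^LegacyGeneric:'    { 'Generic credential (apps, git, VPN)'; break }
            '^MicrosoftAccount:' { 'Microsoft account'; break }
            default              { 'Other' }
        }
        [pscustomobject]@{
            Target   = $t
            Category = $category
        }
    }
}

function Test-ScriptBlockLogging {
    # Script block logging captures the decoded body of PowerShell-based
    # credential dumpers as Event ID 4104. Returns $true if policy enables it.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
    $val = Get-ItemProperty -Path $key -Name EnableScriptBlockLogging -ErrorAction SilentlyContinue
    return ($null -ne $val -and $val.EnableScriptBlockLogging -eq 1)
}

# Usage: summarize exposure and logging state on this host.
$inventory = @(Get-StoredCredentialInventory)
$inventory | Format-Table -AutoSize
"Stored credential entries: $($inventory.Count)"
"Vaults present:"
& vaultcmd.exe /list 2>$null | Where-Object { $_ -match '^Vault:' }
"Script block logging enabled: $(Test-ScriptBlockLogging)"
```

Run it in the context of the user whose vault you care about; Credential Manager is per-user, so an elevated prompt under a different account will show a different (usually emptier) inventory. Entries under Domain: prefixes are the ones that give an intruder lateral movement, and a result of “Script block logging enabled: False” means a PowerShell dumper would leave little trace in the event log.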
For attackers, platforms like LinkedIn are an ideal ground for harvesting personal information: users now accept virtually any request to connect professionally without stopping to think about who is really behind the profile picture.
Experts from the International Institute of Cyber Security (IICS) say this is a clear example of how Iran has moved into cyberwarfare by choosing non-military targets, which have fewer resources for preventing, detecting and managing cybersecurity threats, especially in the case of individuals.