Cybersecurity researchers uncover first-ever use of LinkedIn to spread malware

Cybersecurity researchers have uncovered what is believed to be the first-ever case of hackers using LinkedIn to infect the computers of targeted users with viruses, according to a new report. The hackers appear to have been sponsored by a government and to have targeted employees of carefully selected military contractors in central Europe, according to sources.

The existence of the alleged cyberespionage operation was revealed on Wednesday by researchers at ESET, a cybersecurity firm based in Bratislava, Slovakia, which is known for its firewall and anti-virus products. The researchers said that the operation was carried out in 2019 by hackers who impersonated employees of General Dynamics and Collins Aerospace, two leading global suppliers of aerospace and defense hardware.

ESET researchers said that the hackers made use of the private messaging feature embedded in LinkedIn to reach out to their targets. After making initial contact with their intended victims, the hackers allegedly offered their targets lucrative job offers and used the LinkedIn private messenger service to send them documents that were infected with malware. In many cases, the targets opened the documents and infected their computers in the process.

The use of the LinkedIn social media platform by hackers to make contact with their unsuspecting victims is hardly new. In 2017, German intelligence officials issued a public warning about what they said were thousands of fake LinkedIn profiles created by Chinese spies to gather information about Western targets. Germany’s Federal Office for the Protection of the Constitution (BfV) said it had identified 10,000 German citizens who had been contacted by Chinese spy-run fake profiles on LinkedIn in a period of just nine months. And in 2018, a report by France’s two main intelligence agencies, the General Directorate for Internal Security (DGSI) and the General Directorate for External Security (DGSE), warned of an “unprecedented threat” to security after nearly 4,000 leading French civil servants, scientists and senior executives were found to have been accosted by Chinese spies on LinkedIn.

Tricking a target into accessing a virus-infected document file is not a new method either. However, according to the researchers at ESET, this was the first case where LinkedIn was used to actually deliver the malware to the victims. As for the identity of the hackers, there appears to be no conclusive information. However, ESET said the attacks appeared to have some connections to Lazarus, a group of hackers with North Korean links. Lazarus has been linked to the 2014 Sony Pictures hack and the 2016 Central Bank of Bangladesh cyber heist, which was an attempt to defraud the bank of $1 billion.

LinkedIn told the Reuters news agency that it had identified and terminated the user accounts behind the alleged cyberespionage campaign. Citing client confidentiality, ESET said it could not reveal information about the victims of the attacks. Meanwhile, General Dynamics and Raytheon Technologies, which owns Collins Aerospace, have not commented on this report.

Author: Joseph Fitsanakis | Date: 18 June 2020

News you may have missed #635

Vitaly Shlykov

►►UK to support Colombia’s new intelligence agency. The UK has announced that it will provide help and advice on the implementation of Colombia’s new national intelligence agency. Colombian President, Juan Manuel Santos, along with National Security Adviser, Sergio Jaramillo, met with the director of Britain’s secret service MI6 to exchange experiences in intelligence to implement the new National Intelligence Agency of Colombia (ANIC). ANIC is supposed to replace the DAS, Colombia’s disgraced intelligence agency, which has been stigmatized by colluding with paramilitary groups and spying on union leaders, journalists and opposition politicians.
►►US intelligence to train analysts with videogames. The US intelligence community’s research group, the Intelligence Advanced Research Projects Agency (IARPA), has handed over $10.5 million to Raytheon BBN Technologies to start work on the Sirius program. The initiative aims to create a series of so-called “serious games” that would help intelligence analysts improve their objectivity and reasoned judgment when confronted with complex or culturally foreign scenarios.
►►Soviet spy who spent years in Swiss prison dies at 77. Vitaly Shlykov served for 30 years in the Main Intelligence Directorate of the Russian General Staff, known as GRU. During his career, he made frequent trips to the West on a false American passport. One of his duties was to maintain contacts with Dieter Felix Gerhardt, a senior officer of the South African Navy who was working as a Soviet spy. In 1983, Shlykov was arrested in Zurich while carrying about $100,000 in cash to hand over to Gerhardt’s wife. Soviet intelligence was unaware that Gerhardt and his wife had been arrested a few weeks earlier and had told interrogators about the meeting in Switzerland.

UK Air Force deploys world’s most advanced spy plane

By IAN ALLEN | intelNews.org
Britain’s Royal Air Force (RAF) has announced the official deployment of what it describes as “the most advanced long-range, airborne surveillance system of its kind in the world”. The aircraft-based system is called ASTOR (Airborne Stand-Off Radar) and is installed on Raytheon’s Sentinel R1 jets. The ASTOR radar is reportedly so advanced that it can detect target movement over “thousands of square miles, looking deep into valleys, picking out well-used enemy routes and mapping vehicle activity”, and can even perform during bad weather at night. What is more, the twin-engine aircraft can do all that while flying up to 7.5 miles above ground level, thus staying clear of any engagement by most air-defense systems, including surface-to-air missiles.