Cyber Espionage on LinkedIn
|Cyber Espionage on LinkedIn|
|Short Title||Cybercriminals Posed As Recruiters On LinkedIn to Send Malware|
|Taxonomy||Insecurity, Decisional Interference|
|Threat Actors||LinkedIn, North Korean hacking group Lazarus|
|Affected||Employees at the defense companies|
|High Risk Groups|
By posing as recruiters on LinkedIn, hackers have been able to commit cyber espionage.
In July 2020, cybercriminals — believed to be affiliated with the North Korean government — posed as recruiters working at the U.S. defense groups Collins Aerospace and General Dynamics in order to break into the networks of European defense companies.Insecurity
In order to compromise their targets, the cyber attackers made use of social engineering tactics over LinkedIn against various European defense companies in a process that saw them hide behind the “ruse” of “attractive, but bogus”, job offers. The actions of hackers can be seen as Decisional Interference.
Once they had piqued the interest of the employees at the defense companies, the malware was sent over LinkedIn’s chat application under the guise of being documents relating to a new occupational position.
While researchers were unable to reveal the identity of the attackers responsible for the cyber espionage attempts, it did tentatively point to the high-profile North Korean hacking group Lazarus.