Iran retaliates against cyber warfare using dangerous malware and phishing attacks against LinkedIn users

The tension generated by the cyber warfare between Iran and the United States and its allies keeps growing. Although some information security specialists consider Iranian hackers to be light years away from the U.S. government in terms of capabilities and resources, the same cannot be said of the technology infrastructure of American private companies.

Information security firm FireEye claims that the hacking group known as APT34, linked to the government of Iran, has begun to deploy a phishing campaign targeting users of the social platform LinkedIn. The operators of this campaign send U.S. LinkedIn users invitations to join professional networks in order to inject malware into the victims’ systems and extract their confidential information through a backdoor.

“This hacker group shows a clear interest in gaining access to organizations in strategic sectors, such as finance, energy companies, and government organizations,” the report by FireEye experts stated. According to the security firm, one of the strategies used by the hackers is sending fake invitations from prestigious institutions, such as the University of Cambridge, which include links to download the malicious files.

During this campaign, the hackers have resorted to new malware variants that collect information from infected systems and send it to the attacker via a backdoor. A credential theft tool was also detected extracting data stored in Windows Vault. “Theft of login credentials is critical for this campaign,” information security experts said.

For hackers, platforms like LinkedIn are an ideal harvesting ground for personal information, as we have reached the point where users accept virtually any request to establish professional connections without stopping to think about who is really behind a social media profile picture.

Experts from the International Institute of Cyber Security (IICS) say this is a clear example of how Iran has dabbled in cyberwarfare, choosing to attack non-military targets, which have less advanced resources for the prevention, detection and management of cybersecurity threats; this is especially true of individuals.
