Iranian Hackers Are Exploiting LinkedIn

Uploaded on 2024-12-03 in TECHNOLOGY-Key Areas-Social Media, TECHNOLOGY--Hackers, NEWS-Cybersecurity News, INTELLIGENCE-Hot Spots-Iran, FREE TO VIEW

Threat intelligence experts at ClearSky Cyber Security have reported the details of an Iranian social engineering campaign using fake LinkedIn identities to trick people into downloading malware with fake job offers.

ClearSky has identified a campaign named “Iranian Dream Job” in which the Iranian threat actor TA455 has targeted the aerospace industry by offering fake jobs. 

The campaign distributed the so called 'SnailResin' malware, which activates a backdoor, enabling data theft. ClearSky attributes both malware programs to a previously reported subgroup of TA455, known as Charming Kitten

After the potential victim has been engaged, the hackers use spear phishing email containing malicious attachments disguised as application documents, hidden amongst legitimate files in a ZIP archive, and designed to evade security scans. Once engaged, the malware checks the victim’s IP address and retrieves C2 server information from a series of compromised GitHub accounts.

Clear Sky say that this method makes it much harder to detect and analyse the full scope of the attack.

ClearSky has also identified a series of techniques leveraged by TA455 to evade detection, such as impersonating other threat actors, like the N. Korean Lazarus Group also known for perpetrating fake job exploits. This campaign uses legitimate services such as Cloudflare, GitHub, and Microsoft Azure to conceal their infrastructure and C2 communications, and use high-level  techniques and custom code to bypass security tools.

The Charming Kitten campaign is thought to have  active since September 2023, when an Iranian group was dtecyed targeting the aerospace, aviation, and defence industries in Middle East countries, including Israel.  

ClearSky   |   Microsoft   |    ITPro   |    Record   |    Security Week   |   PCMag   |   Infosecurity Magazine

Image: Ideogram

You Might Also Read: 

Hackers Steal $10M Via LinkedIn:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

 

Cyber Security Intelligence: Captured Organised & Accessible

 

 

 






 

« Four Evolving Trends Every Business Leader Should Be Aware Of
US Citizen Jailed For Cyber Espionage »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

GlobalSign

GlobalSign

GlobalSign is an identity services company providing cloud-based, PKI solutions for enterprises needing to conduct safe commerce, communications, content delivery and community interactions.

CipherPoint Software

CipherPoint Software

CipherPoint Software provides data-centric auditing and protection solutions for securing unstructured information

RiskSense

RiskSense

RiskSense empowers enterprises and governments to reveal cyber risk, quickly orchestrate remediation, and monitor the results.

2Secure

2Secure

2Secure is one of Sweden's largest private security companies. Service inlcude personal security, corporate security, information and cyber security.

Security Brokers

Security Brokers

Security Brokers focus services and solutions with a focus on strategic ICT Security and Cyber Defense issues.

Hacken

Hacken

Hacken provide a range of cybersecurity services including security assessments, blockchain security audits, and secure software development.

Security Alliance

Security Alliance

Security Alliance provide bespoke cyber intelligence consulting and research services.

Hawk Network Defense

Hawk Network Defense

HAWK.io is the First Fully Automated, Multi-Tenant, Cloud-Based, MDR Service Company.

SecondWrite

SecondWrite

SecondWrite’s next-generation malware detection engine delivers a combination of automatic deep code inspection and accurate scoring of zero-day malware.

Node4

Node4

Node4 provide advanced, cloud-led digital transformation solutions, delivered with technical expertise, innovation and exceptional service to drive your business forwards.

Istari

Istari

ISTARI is a new kind of cyber risk management company. We’re an agile collective of best-in-class capabilities and experts, who build ongoing partnerships with clients.

Techmentum

Techmentum

At Techmentum, our mission is to utilize technology to help companies succeed. Our expertise includes fully managed IT services, cybersecurity, cloud, and custom technology solutions.

Commission Nationale de l'Informatique et des Libertés (CNIL)

Commission Nationale de l'Informatique et des Libertés (CNIL)

The mission of CNIL is to protect personal data, support innovation, and preserve individual liberties.

CloudGuard

CloudGuard

CloudGuard is an AI-driven XDR platform that helps organisations to proactively detect and automatically remediate threats in real-time.

Fairly AI

Fairly AI

Fairly AI is on a mission to democratize safe, secure, and compliant AI across the enterprise.

Worksent Technologies

Worksent Technologies

Worksent is a Trusted white-label offshore support partner for MSPs and MSSPs.