Iranian Hackers Are Exploiting LinkedIn

Threat intelligence experts at ClearSky Cyber Security have reported the details of an Iranian social engineering campaign using fake LinkedIn identities to trick people into downloading malware with fake job offers.

ClearSky has identified a campaign named “Iranian Dream Job” in which the Iranian threat actor TA455 has targeted the aerospace industry by offering fake jobs. 

The campaign distributed the so-called 'SnailResin' malware, which activates a backdoor, enabling data theft. ClearSky attributes both malware programs to a previously reported subgroup of TA455, known as Charming Kitten.

After the potential victim has been engaged, the hackers use spear-phishing emails containing malicious attachments disguised as application documents, hidden amongst legitimate files in a ZIP archive and designed to evade security scans. Once engaged, the malware checks the victim’s IP address and retrieves C2 server information from a series of compromised GitHub accounts.

ClearSky says that this method makes it much harder to detect and analyse the full scope of the attack.

ClearSky has also identified a series of techniques leveraged by TA455 to evade detection, such as impersonating other threat actors, like the North Korean Lazarus Group, also known for perpetrating fake job exploits. This campaign uses legitimate services such as Cloudflare, GitHub, and Microsoft Azure to conceal its infrastructure and C2 communications, and uses high-level techniques and custom code to bypass security tools.

The Charming Kitten campaign is thought to have been active since September 2023, when an Iranian group was detected targeting the aerospace, aviation, and defence industries in Middle East countries, including Israel.

ClearSky | Microsoft | ITPro | Record | Security Week | PCMag | Infosecurity Magazine

