Fireeye published research last week that it has identified a phishing campaign by APT34, which is known to be a hacking group out of Iran, that all LinkedIn users should be aware of when considering adding a LinkedIn contact. In particular, if you receive a LinkedIn request from someone named Rebecca Watts from Cambridge University, decline the invitation.
According to Fireeye, with the recent tensions between the U.S. and Iran, Iran based cyber espionage campaigns are in full swing. According to Fireeye’s threat research, “we believe APT34’s strongest interest is gaining access to financial, energy and government entities.” One of the identified ways that APT34 is trying to gain access to businesses in these sectors is to through a LinkedIn request from a Rebecca Watts, who is “research staff” from Cambridge University.
APT34 sends a LinkedIn request to an individual who works in one of these sectors from “Rebecca Watts.” Once a user adds “Rebecca Watts” as a LinkedIn contact, a conversation ensues with a request for resumes for potential employment opportunities. The message includes a link that if opened, delivers malicious malware, including keylogger, credential theft and password dumping tools to the user’s system.
The obvious tip is to delete Rebecca Watts from Cambridge University from your LinkedIn account, and deny this fake individual’s request on LinkedIn. The second obvious tip is that nation state actors and cybercriminals are using social media every day to deliver malicious tools in order to perpetrate cyber espionage and fraud. When using any social media platform, be aware that these platforms are being used by threat actors and that you are being targeted and could be a pawn in the cyber war between the U.S. and other countries like Iran. Use basic cyber hygiene when determining whether to include people in your social media network and be as cautious about clicking on any links provided through social media platforms as you are when using email.