Iran-Linked APT34 Invites Victims to LinkedIn for Fresh Malware Infections
FireEye researchers recently uncovered a new phishing campaign by the Iranian state-backed cyber espionage group APT34 (aka OilRig or Greenbug) that used LinkedIn to approach its victims.
Masquerading as a Cambridge University lecturer on LinkedIn, the threat actors invited people to connect with them. If a victim accepted the connection, the hackers would start a conversation and send over a malicious document that would deliver malware onto the victim’s machine if opened.
According to FireEye, APT34 mainly targets organizations in the Middle East, including financial organizations, energy firms and government entities. The attackers “use a mix of public and non-public tools to collect strategic information that would benefit nation-state interests pertaining to geopolitical and economic needs.”