When talking about phishing attacks, most people thinking it is about a malicious link sent by hackers through email or text message that could trick the reader to install the malware causing the revealing of sensitive information. However, recently, an espionage ring is targeting key infrastructure and government services with malware-infected files sent as LinkedIn message attachments.
Using the same methods of email phishing attacks, the fraudulent LinkedIn attachment was sent by the hacker called APT34 to offer fake business opportunities through LinkedIn’s direct message. Once the target opens the attachment, a new strain of malware called TONEDEAF was downloaded onto the victim’s system and creates a “backdoor”, a secret portal into the system for the hacker to use remotely.
ProofPoint, a cyber security firm explained that the hacker used an attached PDF with embedded URLs. The URLs link to a landing page that spoofs a real talent and staffing management company, using stolen branding to enhance the legitimacy of the campaigns. This page then kicks off the download of the malicious Word document that then attempts to download and execute the “More_eggs” payload.
As the world’s largest professionals networking site, LinkedIn has been a powerful platform for industry professionals and those who actively seeking employment to connect and discover business opportunities in the simpler way. LinkedIn has over 610 million members in 2019 and keeps millions of professional’s information, which makes it easier for cybercriminals to target a specific company or industry. Therefore, it is not surprising that cyber attackers have decided to look for ways to exploit security backdoors within the platform.
In conclusion, there are no doubt that hackers today are always trying to find newer and more unique ways to gain access to our data and system. It is important for us as the LinkedIn user to be more vigilant and discreet. We need to be extremely careful about the messages and emails we receive, and always research the company that is contacting you, and never open links or documents sent via direct messaging or email if it is suspecting.
Through this article, DNS as a trusted IT security partner in Indonesia expects you to be more aware of cyber security by ensuring you to always get the latest news on today's cyber threats and how to tackle them