Iranian Hackers Target LinkedIn

By Paul Ausick

Security researchers have identified 25 faked accounts at LinkedIn Corp.’s (NYSE: LNKD) social media website and attributed the fraudulent accounts to an Iran-based threat group. According to the researchers, the purpose of the network was to “target potential victims through social engineering.”

According to the report issued Wednesday morning by Dell SecureWorks Counter Threat Unit:

The level of detail in the profiles suggests that the threat actors invested substantial time and effort into creating and maintaining these personas. The photos used in the fake accounts are likely of innocent individuals who have no connection to [the hacker group’s] activity.

The researchers divided the personas into two groups, Leaders and Supporters. There are eight Leader personas, of which six had more than 500 LinkedIn connections. The researchers said they found “compelling evidence that the Leader profiles were fraudulent,” including:

  • One of the profile photographs is linked to multiple identities across numerous websites, including adult sites.
  • The summary section in one profile is identical to the summary in a legitimate LinkedIn profile, and the employment history matches a sample résumé downloaded from a recruitment website.
  • In another profile, a job description was copied from genuine Teledyne and ExxonMobil job advertisements.
  • The job description in yet another profile … was copied from a legitimate job posting from a Malaysian bank … .

Five of the fraudulent Leader personas claim to work for Teledyne, another to be an employee of Korean conglomerate Doosan, a seventh claims employment at Northrop Grumman, and the eighth purports to be from a Kuwaiti petrochemical firm.

Supporter profiles were less complex, all claimed five connections, and all were determined to be fakes by using open-source research. Researchers suspect that the threat group used the Supporter accounts to provide the Leader profiles with an established network, which enhances credibility. Supporters also appear to have provided skill endorsements for the Leaders.

SecureWorks researchers determined that the threat group had identified 204 potential targets, including 39 in Saudi Arabia, 28 in Qatar, 27 in the UAE, 17 in Pakistan and 12 in the United States.

A complete list of the 25 fake personas is available as an appendix to the SecureWorks report.

The Wall Street Journal reported Wednesday morning that LinkedIn has removed all of the fake accounts.
