A new cybercriminal operation run by Iranian hackers used fake Israeli LinkedIn profiles to conduct phishing attacks.
Fortunately, an Israeli intelligence agency thwarted the operation after spotting the spear-phishing campaign, which targeted Israeli users. Based on reports, the primary targets of the operation are civil servants and researchers from various Israeli organisations.
The Iranian hackers used techniques that could grant them unauthorised access.
An investigation showed that the Iranian hackers leveraged fake LinkedIn profiles and social engineering tactics to acquire unauthorised access to Israeli citizens’ computers and steal critical data.
Moreover, further study revealed that some parts of the attack included impersonating legitimate Israeli citizens and engaging in conversations on LinkedIn before continuing the communication through email.
The tactic enabled the adversaries to gain trust and credibility, which could make it easier to lure their targets into opening malicious links or attachments.
The Iranian hackers disseminate these malicious attachments through emails that contain invitations to conferences or files related to targeted individuals or their professions.
However, these emails contain malicious payloads that could infect a target’s computer. The malware could give the hackers full access privileges, enabling remote code execution (RCE) and access to stored information.
Furthermore, the researchers noted that the Iranian hackers prepare for each attack by gathering details from various social media networks to generate their fake LinkedIn profiles. This process could also allow them to establish connections and affiliations based on shared interests and previous interactions.
Overall, these small details would make their profiles more convincing and more challenging for researchers to detect. This new campaign taps into human curiosity and emotions, since it uses the targets’ interests to engage with them, which could make it easier for the hackers to deliver their payloads.
The long-running conflict between Iran and Israel has played a massive role in the cybercriminal attacks between the two countries for years. Actors are using fake profiles to target Israelis since most users cannot verify the authenticity of such accounts. Therefore, Israeli citizens should remain vigilant on social media platforms since Iranian threat actors are looming and waiting to pounce on unsuspecting individuals with malicious payloads.