silversurfer
Content source: https://threatpost.com/iran-apt34-linkedin-malware/146575/
A recent phishing campaign by the Iran-linked threat actor APT34 made use of a savvy approach: asking victims to join their social network.
According to FireEye, the adversaries masqueraded as a Cambridge University lecturer, including setting up a LinkedIn page, in order to gain victims’ trust. From there the attackers asked their “friends” to open malicious documents.
APT34, a.k.a. OilRig or Greenbug, specializes in cyber-espionage activity, and is known for attacks targeting a variety of organizations operating in the Middle East, including financial, energy and government entities.
“They use a mix of public and non-public tools to collect strategic information that would benefit nation-state interests pertaining to geopolitical and economic needs,” FireEye noted in a writeup on the campaign on Thursday. In the phishing effort, the non-public tools included three new malware families and featured a reappearance of Pickpocket, which is a malware exclusively observed in use by APT34, according to the firm.
Iran-Linked APT34 Invites Victims to LinkedIn for Fresh Malware Infections (threatpost.com): The group was posing as a researcher from Cambridge, and was found to have added three new malware families to its spy arsenal.