A recent phishing campaign by Iran-linked threat actor APT34 made use of a savvy approach: Asking victims to join their social network.

According to FireEye, the adversaries masqueraded as a Cambridge University lecturer, including setting up a LinkedIn page, in order to gain victims’ trust. From there the attackers asked their “friends” to open malicious documents.

APT34, a.k.a. OilRig or Greenbug, specializes in cyber-espionage activity, and is known for attacks targeting a variety of organizations operating in the Middle East, including financial, energy and government entities.

“They use a mix of public and non-public tools to collect strategic information that would benefit nation-state interests pertaining to geopolitical and economic needs,” FireEye noted in a writeup on the campaign on Thursday. In the phishing effort, the non-public tools included three new malware families and featured a reappearance of Pickpocket, which is a malware exclusively observed in use by APT34, according to the firm.