Iran-Linked APT34 Invites Victims to LinkedIn for Fresh Malware Infections

[silversurfer]

Content source

https://threatpost.com/iran-apt34-linkedin-malware/146575/

A recent phishing campaign by Iran-linked threat actor APT34 made use of a savvy approach: Asking victims to join their social network.

According to FireEye, the adversaries masqueraded as a Cambridge University lecturer, including setting up a LinkedIn page, in order to gain victims’ trust. From there the attackers asked their “friends” to open malicious documents.

APT34, a.k.a. OilRig or Greenbug, specializes in cyber-espionage activity, and is known for attacks targeting a variety of organizations operating in the Middle East, including financial, energy and government entities.

“They use a mix of public and non-public tools to collect strategic information that would benefit nation-state interests pertaining to geopolitical and economic needs,” FireEye noted in a writeup on the campaign on Thursday. In the phishing effort, the non-public tools included three new malware families and featured a reappearance of Pickpocket, which is a malware exclusively observed in use by APT34, according to the firm.

Iran-Linked APT34 Invites Victims to LinkedIn for Fresh Malware Infections

The group was posing as a researcher from Cambridge, and was found to have added three new malware families to its spy arsenal.

threatpost.com