LinkedIn ‘Job Offers’ Targeted Aerospace, Military Firms With Malware

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,057
Attackers are impersonating human resource employees from Collins Aerospace and General Dynamics in a spear-phishing campaign leveraging LinkedIn’s messaging service. Targets are sent phony job offers that include malicious documents designed to fetch data-exfiltrating malware.

The spear-phishing messages were part of a widespread campaign, dubbed “Operation In(ter)ception,” which targeted victims at European and Middle East aerospace and military companies. Researchers believe the primary goal of the attacks, which occurred from September to December 2019, was espionage. However, in one case, attackers also tried to utilize a compromised victim’s email account in a business email compromise (BEC) attack, showing that they may also have financial motives.

The cyberattacks “were highly targeted and relied on social engineering over LinkedIn and custom, multistage malware,” said researchers with ESET in a Wednesday analysis, shared at ESET Virtual World 2020. “To operate under the radar, the attackers frequently recompiled their malware, abused native Windows utilities and impersonated legitimate software and companies. To our knowledge, the custom malware used in Operation In(ter)ception hasn’t been previously documented.”

Victims were first sent a job offer in a LinkedIn message from a “well-known company in a relevant sector.” These included Collins Aerospace (formerly Rockwell Collins), a major U.S. supplier of aerospace and defense products, and General Dynamics, another large U.S.-based corporation.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top