Cyber espionage has been an ongoing problem for LinkedIn: pseudo-employees create fake accounts and tie themselves to real companies to get personal information, establish nefarious relationships, or solicit money. Fake job offers often target security clearance holders.
Malware Targeted at Clearance Holders
LinkedIn enjoys a bit of “societal protection” status compared to other social media sites. People more naturally trust a site for professional networking, versus more purely social venues like Twitter or Facebook, simply due to the platform’s goals. The combination of professional information, and the ever-ready carrot of a potentially higher paying, better job, makes LinkedIn the perfect website for foreign hackers to get their hands dirty and steal information. Foreign adversaries take advantage of both the trust and treasure trove of career and clearance information to create their targets.
How Foreign Hackers Use LinkedIn
ESET, a Slovakia-based cybersecurity firm, found a malicious file being sent to clearance holders. ESET identified it as part of a hacking campaign called In(ter)ception, with potential ties to North Korea and its “Lazarus Group”.
Pseudo-employees (foreign adversaries) created fraudulent accounts posing as human resources workers for legitimate companies. The accounts are very believable because the adversaries steal real company data and pictures of real people. The impersonated companies included major defense contractors, and the fake recruiters reached out with seemingly real, believable (and obviously lucrative) job offers. The job description is a bit more than they bargained for, however – the supposed job offer set off a chain of malware.
“The message was a quite believable job offer, seemingly from a well-known company in a relevant sector. Of course, the LinkedIn profile was fake, and the files sent within the communication were malicious,” said ESET researcher Breitenbacher in a press release.
Bottom line: be careful with how much information you post about your clearance and your past work. Social engineering succeeds based on the amount of information that can be found on public-facing social media sites. Your online profile should be protected so that you are not exploited.