Cybersecurity researchers from a well-known software security company recently published a report on attacks against aerospace and military logistics organizations in Europe and the Middle East. The report confirms that the intrusions targeted high-profile employees of those organizations through LinkedIn and took place between September and December 2019.
The campaign was named ‘Operation In(ter)ception’, since the malware used in this cyber-espionage effort was aimed at collecting classified intelligence from the targeted organizations. The operation has been linked to the Lazarus hacker group because of similarities in its activities. Another speculation is that the actors are state-sponsored. However, the investigators have presented no concrete evidence that confirms the real perpetrator.
The payload and the manner of infection
The method began with selecting targets from LinkedIn profiles. The attackers operated from fake profiles posing as HR or hiring personnel at well-known aerospace and military support companies, offering high-paying jobs and positions to the chosen victims. They scanned many LinkedIn profiles already connected to the targeted organization, then sent the offer either by email or directly via Skype or another messaging application.
The offer came with persuasive messages that the targeted individuals found hard to resist, so they opened the attached document. Unknown to them, the attachment carried embedded malware that executed its payload whenever a triggering event occurred. Triggers included, but were not limited to, opening emails containing classified information deemed valuable according to stored keyword indexes. The typical follow-on was business email compromise (BEC), where the attackers tampered with legitimate email domains and stealthily corresponded with the victim. Once a victim fell for it, the attackers could infiltrate the targeted organization's email service. The payload then delivered the gathered information to a drop site or remote server that was hard to trace, so the operation could continue under the radar.
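Defenders facing the BEC stage described above usually start by checking whether a sender's domain merely looks like a trusted partner's. The following script is an added illustration, not code from the report or the researchers; it folds common look-alike substitutions, applies an edit-distance check against a trusted-domain list, and flags a Reply-To that points elsewhere. The domains, the homoglyph table and the sample headers are constructed for the example and are not taken from the incident.

```python
"""
Added illustration (not from the report described above): a minimal check
for business-email-compromise style sender domains. It compares the domain
of an incoming message's From and Reply-To headers against a list of
trusted partner domains and flags close lookalikes. Domains and sample
headers below are constructed for the example, not taken from the incident.
"""
from email import message_from_string
from email.utils import parseaddr

# Constructed list of domains the organisation normally corresponds with.
TRUSTED_DOMAINS = {"example-aero.com", "partner-logistics.eu"}

# Common visual substitutions seen in lookalike domains (constructed set).
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance; small values mean a near-identical string."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalise(domain: str) -> str:
    """Lower-case the domain and fold common homoglyph substitutions."""
    d = domain.lower()
    for fake, real in HOMOGLYPHS.items():
        d = d.replace(fake, real)
    return d


def classify_domain(domain: str) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for a sender domain."""
    if domain.lower() in TRUSTED_DOMAINS:
        return "trusted"
    folded = normalise(domain)
    for trusted in TRUSTED_DOMAINS:
        if folded == trusted or levenshtein(folded, trusted) <= 2:
            return "lookalike"
    return "unknown"


def analyse_message(raw: str) -> dict:
    """Inspect From/Reply-To of a raw RFC 5322 message and report findings."""
    msg = message_from_string(raw)
    _, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", from_addr))
    from_domain = from_addr.rsplit("@", 1)[-1]
    reply_domain = reply_addr.rsplit("@", 1)[-1]
    return {
        "from_domain": from_domain,
        "from_verdict": classify_domain(from_domain),
        "reply_to_mismatch": from_domain.lower() != reply_domain.lower(),
    }


# Constructed sample headers so the script runs stand-alone.
SAMPLE_LEGIT = "From: HR <jobs@example-aero.com>\nSubject: Interview\n\nbody\n"
SAMPLE_LOOKALIKE = (
    "From: HR <jobs@examp1e-aero.com>\n"
    "Reply-To: recruiter@mail-drop.example\n"
    "Subject: Job offer\n\nbody\n"
)

if __name__ == "__main__":
    for sample in (SAMPLE_LEGIT, SAMPLE_LOOKALIKE):
        print(analyse_message(sample))
```

In a real mail gateway the trusted list would come from the organisation's partner directory and the verdict would feed a quarantine or warning banner; the edit-distance threshold of 2 is a starting point to tune against the false-positive rate on the organisation's own traffic.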
Mitigation plans of LinkedIn are already in action
LinkedIn, through its representative Paul Rockwell, Head of Trust and Safety, informed the public that it is well aware of the situation and that mitigation plans are already in place. Using automated technologies and a dedicated team, it is searching its database for possible attacker profiles to ensure they are permanently removed or adequately restricted.
Everyone in high-profile organizations must follow their security protocols. Each employee must also learn to stay vigilant and take care when posting information on social media platforms, as such details hand perpetrators what they need.