LinkedIn users targeted by Iranian hackers

Researchers at FireEye have warned of a malicious phishing campaign conducted by APT34, an Iranian-nexus threat actor. 

In a blog post, FireEye wrote that the campaign targeted LinkedIn users with invitations to join a professional network, and if the victim accepted a malicious document would be sent. Once the document was opened, the malware would infect systems using a hidden backdoor and consequently steal data and credentials. 

Researchers noted that the threat actors had been “masquerading” as a member of Cambridge University in order to gain victims’ trust to open the malicious documents. Victims received a message from “Rebecca Watts” who was allegedly employed as a member of the research staff at the university. 

“This threat group has conducted broad targeting across a variety of industries operating in the Middle East; however, we believe APT34’s strongest interest is gaining access to financial, energy, and government entities.”

Researchers also noticed the addition of three new malware families to the APT34’s arsenal. 

In an email, FireEye’s principal analyst, cyber-espionage analysis, Cristiana Brafman Kittner wrote:

“This campaign is consistent with the overall Iranian targeting of the energy sector that we’ve seen dating back to at least 2012. Further, this activity is representative of Iran’s overarching efforts to collect strategic information of relevance to its national interests. 

“With increasing geopolitical tensions between the U.S and Iran and the introduction of new sanctions, we expect Iran to continue to increase the volume and scope of its cyber-espionage campaigns.”

Corin Imai, DomainTool’s senior security advisor commented:

“Both private and public organizations should be investing in their employees’ cybersecurity training. As threats continue to evolve, having a solid foundational understanding of the best practices to stay safe online is the most effective way to create a first line of defense. 

In the current climate, organizations can no longer compromise on their security efforts, which should be holistic and account for both technical vulnerabilities and for human ones.”

FireEye has recommended organisations to remain vigilant in their defenses.


Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.