Hackers Return to Gather More Info

Friday, October 9, 2015 @ 04:10 PM gHale

A hacking group that hit the scene last December is now trawling about seeking to infiltrate different sectors, researchers said.

One research group thinks Iran-based attackers are building a network of fake LinkedIn user profiles with the aim of entering business circles of telecommunications and defense contractors.


The Iranian group, which Dell’s SecureWorks Counter Threat Unit Threat Intelligence team named Threat Group-2889 (TG-2889), seems to be the same group Cylance and the FBI warned about in December, when they went about infiltrating critical infrastructure points around the world, researchers said in a blog post.

Dell said the group is building a network of fake user profiles on LinkedIn, creating fake identities for high-tech professionals and trying to get in contact with various companies in different countries.

The group appears interested in the aerospace, defense, military, chemical, energy, government, and education industries. Most targets are from the telecommunications field, from companies located in the Middle East and North Africa.

In fact, countries in the Middle East make up the majority of targeted states. The top five are Saudi Arabia (39 businesses), Qatar (28), United Arab Emirates (27), Pakistan (17), and the United States (12).

Dell has identified 25 of the fake LinkedIn profiles so far, and said they were all created to support 8 accounts, called “leader personas.”

The other accounts exist only to support the leaders, giving them credibility and creating a network of followers around them.

The follower accounts appear bare, while the leader accounts have quite a bit of detail. The TG-2889 members are going the distance to join various LinkedIn groups, and are even updating their listings regularly, changing names and pictures before someone catches on.