Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Iranian Hacker Group APT34 Use New ‘Tonedeaf’ Malware over LinkedIn in Latest Phishing Campaign

    AdobeStock_136765286

    Targeting several key industries, this new campaign likely seeks to aid the Iranian government with information that could be of use to further Iran’s economic and security goals.

    This month, security vendor FireEye has identified a new phishing campaign targeting organizations in Oil and Gas, Energy and Utilities, and Government sectors, leveraging LinkedIn as the medium to both establish contact and deliver malware. The FireEye Labs Advanced Reverse Engineering (FLARE) released details on this campaign by Iranian-nexus threat actor APT34 in which the following takes place:

    • The target victim is contacted via LinkedIn by a user who claims to be “Research Staff at University of Cambridge”
    • A solicitation for a job is communicated to the victim and is asked to provide a resume, all via LinkedIn messaging
    • The victim is then asked to fill out a document as part of the process and a link is provided using the somewhat convincing cam-research-ac.com domain
    • Once downloaded and opened, the document runs VBA script to create a file system.doc that is eventually launched upon closing the initial download
    • The Tonedeaf malware is a backdoor that communicates via HTTPS or DNS and can be used to collect system information, upload files, and run commands

    While the latter part of the attack seems like the more malicious part of the campaign, it’s the beginning that you should actually be worried about. The use of a legitimate service like LinkedIn add credibility to the phishing account, and the context of a business proposition (such as a job opportunity) is contextually accurate for communications within LinkedIn.

    All this spells doom for unwitting users that simply aren’t paying attention. Users need to undergo frequent Security Awareness Training to educate them on tactics like these, so that they are vigilant when interacting with anyone on the web or via email – and, especially when someone sends an unsolicited document and asks for it to be opened.

    Find out how affordable new-school security awareness training is for your organization. Get a quote now.

     
    Get A Quote
    Request A Demo
     

     

    Return To KnowBe4 Security Blog

    Topics: Phishing, Malware, Security Awareness Training

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews