Targeting several key industries, this new campaign likely seeks to aid the Iranian government with information that could be of use to further Iran’s economic and security goals.
This month, security vendor FireEye identified a new phishing campaign targeting organizations in the Oil and Gas, Energy and Utilities, and Government sectors, leveraging LinkedIn as the medium both to establish contact and to deliver malware. The FireEye Labs Advanced Reverse Engineering (FLARE) team released details on this campaign by the Iranian-nexus threat actor APT34, in which the following takes place:
While the latter part of the attack seems like the more malicious part of the campaign, it's the beginning that you should actually be worried about. The use of a legitimate service like LinkedIn adds credibility to the phishing account, and the context of a business proposition (such as a job opportunity) is contextually accurate for communications within LinkedIn.
All this spells doom for unwitting users who simply aren't paying attention. Users need to undergo frequent Security Awareness Training to educate them on tactics like these, so that they are vigilant when interacting with anyone on the web or via email, and especially when someone sends an unsolicited document and asks for it to be opened.