- How to stream ROH Wrestling’s Honor For All Today 7:30 AM
- How to stream Steelers vs. Titans in NFL preseason action Today 7:00 AM
- How to stream ‘Good Eats: The Return’ online Today 7:00 AM
- How to stream ‘Power’ season 6 Today 6:00 AM
- Your best bets for finding discounted and refurbished Airpods Today 6:00 AM
- How to stream Barcelona vs. Real Betis Saturday 11:31 PM
- How to stream Tottenham Hotspur vs. Newcastle Saturday 11:21 PM
- All of the ‘Avengers: Endgame’ Easter eggs discovered by fans Saturday 6:52 PM
- Every big announcement made at D23 about Disney+ Saturday 6:33 PM
- The best haunted house movies to watch online in 2019 Saturday 4:13 PM
- Andy Ngo seen laughing as Patriot Prayer members plan an attack in newly emerged video Saturday 3:59 PM
- How to stream Manchester City vs. Bournemouth Saturday 3:25 PM
- Catholic priest allegedly spent church money on Grindr hookups Saturday 3:04 PM
- Nicolás Maduro’s English Twitter account was suspended with no public explanation Saturday 2:06 PM
- Man claims ex-girlfriend killed his dog after he broke up with her Saturday 1:02 PM
Iranian ‘threat group’ reportedly behind ring of fake LinkedIn profiles
The purported hackers behind these attacks don’t actually need a job, it turns out.
Dell’s SecureWorks lab says it’s uncovered evidence of a network of fake LinkedIn profiles which, it says, trace to an Iran-based “threat group” known as TG-2889 and were used to spy on targets who use the social business site.
There’s little doubt that the 25 profiles named in the report are fake. They use avatars found elsewhere online, and many details on their resumes are identical to older profiles on the site.
Most appear to be a generic westerner in business who has lots of connections to other users—propped up in part, according to the report, by other fake profiles.
During the course of its study, SecureWorks noted that one profile changed its name, job description, and avatar—but kept the same unique LinkedIn ID, as evidenced at the bottom of each.
Though the fake profiles tend to claim to be westerners, most of their connections are in the Middle East, and a substantial portion of them work in telecommunications, which may be evidence of TG-2889’s ideal target.
“We do have a team dedicated to protecting users from these kinds of risks,” Mary-Katharine Juric, LinkedIn’s corporate communications manager, told the Daily Dot.
Recurring details in the fake resumes, the report found, bear a strong resemblance to a different attack using resumes. Dubbed Operation Cleaver by Cylance, the security firm that discovered it, that attack sent fake resume applications—often using the same phrases and job titles used in these fake LinkedIn profiles—that contained malware. Cylance traced that attack to Iran, and concluded that the Iranian government likely played a role in its execution.
The fake profiles have since been deleted from the site.
Update 12:28pm CT, Oct. 8: Comment from LinkedIn added.
Illustration by Jason Reed
A former senior politics reporter for the Daily Dot, Kevin Collier focuses on privacy, cybersecurity, and issues of importance to the open internet. Since leaving the Daily Dot in March 2016, he has served as a reporter for Vocativ and a cybersecurity correspondent for BuzzFeed.