Iranian ‘threat group’ reportedly behind ring of fake LinkedIn profiles
The purported hackers behind these attacks don’t actually need a job, it turns out.
Dell’s SecureWorks lab says it’s uncovered evidence of a network of fake LinkedIn profiles which, it says, trace to an Iran-based “threat group” known as TG-2889 and were used to spy on targets who use the social business site.
There’s little doubt that the 25 profiles named in the report are fake. They use avatars found elsewhere online, and many details on their resumes are identical to older profiles on the site.
Most appear to be generic Western businesspeople with lots of connections to other users, propped up in part, according to the report, by other fake profiles.
During the course of its study, SecureWorks noted that one profile changed its name, job description, and avatar—but kept the same unique LinkedIn ID, as evidenced at the bottom of each.
Though the fake profiles tend to claim to be westerners, most of their connections are in the Middle East, and a substantial portion of them work in telecommunications, which may be evidence of TG-2889’s ideal target.
“We do have a team dedicated to protecting users from these kinds of risks,” Mary-Katharine Juric, LinkedIn’s corporate communications manager, told the Daily Dot.
Recurring details in the fake resumes, the report found, bear a strong resemblance to a different attack using resumes. Dubbed Operation Cleaver by Cylance, the security firm that discovered it, that attack sent fake resume applications—often using the same phrases and job titles used in these fake LinkedIn profiles—that contained malware. Cylance traced that attack to Iran, and concluded that the Iranian government likely played a role in its execution.
The fake profiles have since been deleted from the site.
Update 12:28pm CT, Oct. 8: Comment from LinkedIn added.
Illustration by Jason Reed
A former senior politics reporter for the Daily Dot, Kevin Collier focuses on privacy, cybersecurity, and issues of importance to the open internet. Since leaving the Daily Dot in March 2016, he has served as a reporter for Vocativ and a cybersecurity correspondent for BuzzFeed.