Hackers catfish tech execs on LinkedIn

A friendly woman on the internet can fool even the most security-conscious man -- and hackers can take advantage.


Since at least April 2016, a number of social media profiles have been created for a photographer named "Mia Ash." The persona befriended male employees of oil and technology firms in Israel, Saudi Arabia, India, the U.S. and Iraq.


Now, a hacking group linked to Iran is believed to be behind the accounts, according to new research from security firm SecureWorks.

SecureWorks calls the hacking group Cobalt Gypsy, also known as OilRig by other researchers. The group has previously targeted Saudi Arabian oil, financial and tech executives, as well as Israeli corporate networks.

On LinkedIn, the hackers behind Mia connected with professional photographers to make the account seem more authentic. Meanwhile, the profile photos were stolen from a Romanian photographer, who has not responded to a request for comment.

Mia first tried to befriend these individuals on LinkedIn, sharing information about her purported photography job and the trips she took. She later invited them to chat on other platforms like Facebook.

But the phishing attempt SecureWorks studied was unsuccessful. Although the victim clicked on an infected link, the company's anti-virus precautions caught the malware.

As of now, the firm doesn't know if other attempts made by Mia were successfully executed. But it identified as many as 40 people who interacted with the persona on LinkedIn and Facebook. Mia also had a personal photography website and fake accounts on Instagram, WhatsApp and Blogger. Most of those profiles are now offline.

According to Allison Wikoff, the lead researcher on the investigation into Cobalt Gypsy, LinkedIn can be a successful way for hackers to target people because users are inclined to trust others on the site. The hackers who posed as Mia used LinkedIn before switching to more personal communications channels like WhatsApp and Facebook.

"It's a professional network, so there's a little bit of trust people assume when they join it, versus social networks which are more designed for socialization," she said. "[Someone's] guard is a little more down on professional networks."


It's not the first time this group has used fake LinkedIn profiles to snare victims. In 2015, Cobalt Gypsy hackers posed as recruiters on the professional network. But using a single female persona was a first for this group.

In January, SecureWorks found that Cobalt Gypsy targeted a Middle Eastern company with phishing attacks that appeared to come from legitimate email addresses at a variety of information technology firms. Those phishing emails contained the same malware, called PupyRAT, that Mia sent to her victim.

"Companies spend a lot of time educating their staff on those kinds of phishing campaigns," Wikoff said. "So if that's not successful, establishing a personal relationship with your intended target is the best way to potentially make the connection."


Shared from: CNN
