
Iranian Operatives Infiltrate LinkedIn With Fake Profiles, Looking To Snipe Info From Key US Personnel

Steve Ambrose Contributor

A major security service provider has identified a group of 25 Iranian hackers creating fake LinkedIn profiles to obtain personal information from other users.

The hackers, internally called Threat Group-2889, were attempting a large-scale social engineering attack, according to a report released Wednesday by the Dell SecureWorks Counter Threat Unit.

Social engineering is the non-technical counterpart to hacking: the target is a person rather than a system. Social engineers use human interaction to manipulate individuals into revealing confidential or sensitive information.

“To reiterate, this cyber threat group did not hack into LinkedIn, rather they created a network of fake, yet very convincing LinkedIn profile[s],” Elizabeth Clarke, director of media relations at Dell SecureWorks, told The Daily Caller News Foundation in an email. “The threat actors clearly spent a lot of time on this operation also managing to connect with over 200 legitimate employees, who we believe are their targets.”

The profiles were all connected with more than 200 actual profiles of individuals working in sectors such as telecom and defense, primarily based in the Middle East, according to The Wall Street Journal.

Dell SecureWorks categorized the hackers into two main groups: leader personas and supporting personas. Of the 25 personas, eight qualified as leaders.

Leader personas have fully developed profiles that “include full educational history, current and previous job descriptions, and, sometimes, vocational qualifications and LinkedIn group memberships.”

The image below was provided to TheDCNF by Dell SecureWorks and shows one of the fake profiles.

[Image: one of the fake LinkedIn profiles, provided by Dell SecureWorks]

Some of the leaders claimed to be employed at major international corporations such as Northrop Grumman and Petrochemical Industries Company. Six have more than 500 professional connections.

The supporter personas are less refined. They use the same format with one job description and only have five professional connections.

According to the analysis, the primary function of the supporter personas is to distribute skills endorsements for the leader personas in an effort to bolster credibility.


SecureWorks identified the fraudulent profiles through profile pictures used on other sites and suspicious employment descriptions. Some of the hackers copied profile information from other legitimate LinkedIn users and ExxonMobil advertisements.

SecureWorks also believes Threat Group-2889 is the same group, known by other security providers as Operation Cleaver, that perpetrated a malware attack last year.

A spokeswoman for LinkedIn told The Wall Street Journal that the company has removed all of the fake profiles and that LinkedIn remains dedicated to protecting its members from these types of risks.


Content created by The Daily Caller News Foundation is available without charge to any eligible news publisher that can provide a large audience. For licensing opportunities of our original content, please contact licensing@dailycallernewsfoundation.org.
