ESET uncovers a cyberattack campaign on LinkedIn that seeks financial gain and confidential information.

Counterfeit LinkedIn messages: according to ESET's laboratory, this is the tool used by new cybercriminals in a campaign through which they try to obtain financial gain and confidential information.

ESET has named the attacks ‘Operation In(ter)ception’ after the related malware sample named “Inception.dll”. The attacks started with a LinkedIn message, usually one that offered a job opportunity.

These messages reached victims either directly through LinkedIn or through an email containing a link to OneDrive. In the case of email messages, the attackers had created email accounts that matched the fake LinkedIn profiles.

“The message was a fairly credible job offer, from a relevant company in the sector. The LinkedIn profile was fake and the attached messages sent during the conversation contained malicious files,” explained Dominik Breitenbacher, head of the investigation at ESET.

Cyberattacks on LinkedIn

Once the victim opened the file, a seemingly harmless PDF document with salary information about the bogus job offer, the malware was covertly deployed on the device, giving the cybercriminals a way in as well as persistence on the system.

From then on, the attackers used custom multi-stage malware, which often disguised itself as legitimate software, and modified versions of open-source tools, ESET explains.

“The attacks we have observed show all the typical signs of a spy campaign and numerous clues that would link them to the infamous Lazarus group,” says Breitenbacher. “However, neither the malware analysis nor the investigation has yet led us to know what files the criminals were looking for.”

In addition to the espionage techniques, ESET researchers found evidence that the criminals were trying to get money from other companies using the compromised accounts. Among the victims' emails, they found communications about unpaid invoices between the affected party and its customers, urging payment to an account owned by the criminals.

Fortunately, in the cases investigated, the customer became suspicious of the message and contacted the victim to confirm the email's authenticity, frustrating the attackers' attempt to also target the victim's customers.