"LinkedIn ‘Job Offers’ Targeted Aerospace, Military Firms With Malware"
A recently discovered malware campaign researchers call Operation In(ter)ception is targeting Middle Eastern and European aerospace and military companies. The adversaries are impersonating human resource employees from General Dynamics, and Collins Aerospace in a spear-phishing campaign using LinkedIn's messaging service. The adversaries send targets phony job offers that include malicious documents designed to fetch data-exfiltrating malware. Researchers believe that the primary goal of the attacks, which occurred between September and December 2019, was espionage. In one case, the adversaries tried to utilize a compromised victim's email account in a business email compromise (BEC) attack, showing that they may also have financial motives. The attacks were highly targeted and relied on social engineering over LinkedIn and custom multistage malware. The adversaries frequently recompiled their malware, abused native Windows utilities, and impersonated legitimate software and companies to try to operate under the radar.
Threatpost reports: "LinkedIn ‘Job Offers’ Targeted Aerospace, Military Firms With Malware"