18 November 2024

Iran Using Fake 'Dream Job' Offers in Cyber Attacks on US Allies

Hugh Cameron

Iranian government-linked actors have been hacking individuals in key sectors of U.S. allies by offering them fake jobs, according to an Israeli cybersecurity firm.

On Tuesday, a report published by Tel Aviv-based ClearSky Cyber Security identified a campaign it dubbed "Iranian Dream Job," which had targeted the aerospace, aviation and defense industries of countries including Israel, the UAE, Turkey, India and Albania.

According to ClearSky, hackers have posed as recruiters on LinkedIn since at least September 2023, approaching targets with lucrative, and seemingly legitimate, job offers.

These profiles, associated with fake employers such as Careers 2 Find, distribute malware to victims. Once downloaded, the malware allows the hackers to access systems and steal sensitive data.

ClearSky identified the group involved as TA455, also known by Google-owned cybersecurity firm Mandiant as UNC1549. In February, Mandiant released a report that linked this actor to Iran's Revolutionary Guard Corps, a branch of the country's armed forces.

The flag of Iran over an image of a keyboard. On Tuesday, Israeli cybersecurity firm ClearSky said it had uncovered a hacking campaign targeting the aerospace sectors of several U.S. allies. Florian Schroetter/Oliver Berg/AP Photo/picture-alliance/dpa/AP Images

According to Mandiant's February report, which detailed the group's "tailored job-themed lures," the intelligence collected from those in the aerospace and defense industries is "of relevance to strategic Iranian interests and may be leveraged for espionage as well as kinetic operations."

The tactic itself, however, is not new and has previously been employed by hackers from North Korea, who the FBI in September warned had been using fake offers of employment to target cryptocurrency exchange-traded funds over several months.
