Suspected Iran-Based Hacker Group Creates Network of Fake LinkedIn Profiles

Suspected Iran-Based Hacker Group Creates Network of Fake LinkedIn Profiles

 

Summary

While tracking a suspected Iran-based threat group known as Threat Group-2889[1] (TG-2889), Dell SecureWorks Counter Threat Unit™ (CTU) researchers uncovered a network of fake LinkedIn profiles. These convincing profiles form a self-referenced network of seemingly established LinkedIn users. CTU researchers assess with high confidence the purpose of this network is to target potential victims through social engineering. Most of the legitimate LinkedIn accounts associated with the fake accounts belong to individuals in the Middle East, and CTU researchers assess with medium confidence that these individuals are likely targets of TG-2889.

Fake LinkedIn accounts

The 25 fake LinkedIn accounts identified by CTU researchers fall into two categories: fully developed personas (Leader) and supporting personas (Supporter). The table in the Appendix lists details associated with the accounts. The level of detail in the profiles suggests that the threat actors invested substantial time and effort into creating and maintaining these personas. The photos used in the fake accounts are likely of innocent individuals who have no connection to TG-2889 activity.

Tri-Solve, LLC 3590-B Hwy 31 South, Suite 188; Pelham, AL 35124 - Office: 205-664-7978
Copyright © Tri-Solve, LLC 2015. All rights reserved.
Designed, Maintained and Hosted by Koehler Cyber Cafe, Inc.