The tension caused by the cyberwar between the United States and its allies and Iran has intensified. Some information security experts believe that Iranian hackers lag far behind the US government in terms of capabilities and resources, but the technology infrastructure of US private companies is not as strong as the US government. Information security company FireEye said that the APT34 hacker group related to the Iranian government has begun deploying phishing campaigns for the social platform LinkedIn. The hacker sends an invitation to the US LinkedIn user to join the professional network, injecting malware into the victim system and extracting its confidential information through the backdoor.
FireEye experts say the hacker organization targets strategic departments such as finance, energy companies, and government organizations. One of the strategies used by hackers is to send fake invitations from well-known institutions such as Cambridge University, which is actually a link to download malicious files.
During this activity, hackers use new malware variants to gather information from infected systems and redirect them to attackers through backdoors. In addition, hackers use a credential-stealing tool extracts data stored in Windows Vault.
For hackers, a platform like LinkedIn is an ideal basis for personal information harvesting, and users can accept almost any request to establish a connection. Experts at the International Institute of CyberSecurity said the incident indicated that Iran chose to attack non-military targets to engage in cyber warfare because these targets have no advanced resources to prevent, detect and manage cybersecurity threats.