Cyber spies use LinkedIn to hack European defence firms

  • World
  • Wednesday, 17 Jun 2020

FILE PHOTO: Man poses in front of on a display showing the word 'cyber' in binary code, in this picture illustration taken in Zenica December 27, 2014. REUTERS/Dado Ruvic

LONDON (Reuters) - Hackers posed as recruiters working for U.S. defence giants Collins Aerospace and General Dynamics on LinkedIn to break into the networks of military contractors in Europe, cybersecurity researchers said on Wednesday.

The cyber spies were able to compromise the systems of at least two defence and aerospace firms in Central Europe last year by approaching employees with pseudo job offers from the U.S. firms, Slovakia-based cybersecurity firm ESET said.

The attackers then used LinkedIn's private messaging feature to send documents containing malicious code which the employees were tricked into opening, said Jean-Ian Boutin, ESET's head of threat research.

ESET declined to name the victims, citing client confidentiality, and said it was unclear if any information was stolen. General Dynamics and Collins Aerospace, which is owned by Raytheon Technologies, declined immediate comment.

ESET was unable to determine the identity of the hackers but said the attacks had some links to a North Korean group known as Lazarus, which has been accused by U.S. prosecutors of orchestrating a string of high-profile cyber heists on victims including Sony Pictures and the Central Bank of Bangladesh.

North Korea's mission to the United Nations in New York did not immediately respond to a request for comment.

The attacks are not the first time LinkedIn has been caught up in international espionage. Western officials have repeatedly accused China of using fake LinkedIn accounts to recruit spies in other countries, and multiple hacking groups have been spotted using the business-networking site to profile their targets.

But ESET's Boutin said hacking attempts are usually conducted via email. "This is the first case I am aware of where LinkedIn was used to deliver the malware itself," he said.

LinkedIn said it had identified and deleted the accounts used in the attacks. "We actively seek out signs of state-sponsored activity on the platform and quickly take action against bad actors," said the company's head of trust and safety, Paul Rockwell.

(Additional reporting by Michelle Nichols in New York; Editing by Elaine Hardcastle)

Article type: metered
User Type: anonymous web
User Status:
Campaign ID: 1
Cxense type: free
User access status: 3

Next In World

Iran's Rouhani says 60% enrichment is an answer to attack at Natanz site
Turkish foreign minister says new period starting in Egypt ties: NTV
Somalia's president signs law extending his mandate for two years - state news agency
Twenty killed in road accident in Egypt
Germany will synchronize withdrawal from Afghanistan with U.S., minister says
Senior former U.S. officials arrive in Taiwan
Brazil must show Amazon protection is working, top donor Norway says
Italy's 'diabolical lover' doctor gets life for patient deaths
UAE partners with Japan's iSpace to send rover to the moon in 2022
EU Commission to end AstraZeneca and J&J vaccine contracts at expiry - paper

Stories You'll Enjoy