#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

LinkedIn | Breaking Cybersecurity News | The Hacker News

Category — LinkedIn
North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn

North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn

Nov 23, 2024 Artificial Intelligence / Cryptocurrency
The North Korea-linked threat actor known as Sapphire Sleet is estimated to have stolen more than $10 million worth of cryptocurrency as part of social engineering campaigns orchestrated over a six-month period. These findings come from Microsoft, which said that multiple threat activity clusters with ties to the country have been observed creating fake profiles on LinkedIn, posing as both recruiters and job seekers to generate illicit revenue for the sanction-hit nation. Sapphire Sleet, which is known to be active since at least 2020, overlaps with hacking groups tracked as APT38 and BlueNoroff. In November 2023, the tech giant revealed that the threat actor had established infrastructure that impersonated skills assessment portals to carry out its social engineering campaigns. One of the main methods adopted by the group for over a year is to pose as a venture capitalist, deceptively claiming an interest in a target user's company in order to set up an online meeting. Targ...
Irish Watchdog Imposes Record €310 Million Fine on LinkedIn for GDPR Violations

Irish Watchdog Imposes Record €310 Million Fine on LinkedIn for GDPR Violations

Oct 25, 2024 Digital Advertising / Privacy
The Irish data protection watchdog on Thursday fined LinkedIn €310 million ($335 million) for violating the privacy of its users by conducting behavioral analyses of personal data for targeted advertising. "The inquiry examined LinkedIn's processing of personal data for the purposes of behavioral analysis and targeted advertising of users who have created LinkedIn profiles (members)," the Data Protection Commission (DPC) said . "The decision [...] concerns the lawfulness, fairness, and transparency of this processing." The penalty has been issued under the European Union's (E.U.) General Data Protection Regulation ( GDPR ), an information privacy law that establishes a framework for the collection, processing, storage, and transfer of personal data in the E.U. and the European Economic Area (EEA). It went into effect on May 25, 2018. The probe, which was initiated following a complaint made to the French Data Protection Authority in 2018, found that Lin...
How AI Is Transforming IAM and Identity Security

How AI Is Transforming IAM and Identity Security

Nov 15, 2024Machine Learning / Identity Security
In recent years, artificial intelligence (AI) has begun revolutionizing Identity Access Management (IAM), reshaping how cybersecurity is approached in this crucial field. Leveraging AI in IAM is about tapping into its analytical capabilities to monitor access patterns and identify anomalies that could signal a potential security breach. The focus has expanded beyond merely managing human identities — now, autonomous systems, APIs, and connected devices also fall within the realm of AI-driven IAM, creating a dynamic security ecosystem that adapts and evolves in response to sophisticated cyber threats. The Role of AI and Machine Learning in IAM AI and machine learning (ML) are creating a more robust, proactive IAM system that continuously learns from the environment to enhance security. Let's explore how AI impacts key IAM components: Intelligent Monitoring and Anomaly Detection AI enables continuous monitoring of both human and non-human identities , including APIs, service acc...
North Korean Hackers Target Cryptocurrency Users on LinkedIn with RustDoor Malware

North Korean Hackers Target Cryptocurrency Users on LinkedIn with RustDoor Malware

Sep 16, 2024 Financial Security / Malware
Cybersecurity researchers are continuing to warn about North Korean threat actors' attempts to target prospective victims on LinkedIn to deliver malware called RustDoor. The latest advisory comes from Jamf Threat Labs, which said it spotted an attack attempt in which a user was contacted on the professional social network by claiming to be a recruiter for a legitimate decentralized cryptocurrency exchange (DEX) called STON.fi. The malicious cyber activity is part of a multi-pronged campaign unleashed by cyber threat actors backed by the Democratic People's Republic of Korea (DPRK) to infiltrate networks of interest under the pretext of conducting interviews or coding assignments. The financial and cryptocurrency sectors are among the top targets for the state-sponsored adversaries seeking to generate illicit revenues and meet an ever-evolving set of objectives based on the regime's interests. These attacks manifest in the form of "highly tailored, difficult-to-d...
cyber security

Creating, Managing and Securing Non-Human Identities

websitePermisoCybersecurity / Identity Security
A new class of identities has emerged alongside traditional human users: non-human identities (NHIs). Permiso Security's new eBook details everything you need to know about managing and securing non-human identities, and strategies to unify identity security without compromising agility.
North Korean Threat Actors Deploy COVERTCATCH Malware via LinkedIn Job Scams

North Korean Threat Actors Deploy COVERTCATCH Malware via LinkedIn Job Scams

Sep 07, 2024 Cyber Security / Malware
Threat actors affiliated with North Korea have been observed leveraging LinkedIn as a way to target developers as part of a fake job recruiting operation. These attacks employ coding tests as a common initial infection vector, Google-owned Mandiant said in a new report about threats faced by the Web3 sector. "After an initial chat conversation, the attacker sent a ZIP file that contained COVERTCATCH malware disguised as a Python coding challenge," researchers Robert Wallace, Blas Kojusner, and Joseph Dobson said . The malware functions as a launchpad to compromise the target's macOS system by downloading a second-stage payload that establishes persistence via Launch Agents and Launch Daemons. It's worth pointing out that this is one of many activity clusters – namely Operation Dream Job , Contagious Interview , and others – undertaken by North Korean hacking groups that make use of job-related decoys to infect targets with malware. Recruiting-themed lures have ...
North Korean Hackers Target Brazilian Fintech with Sophisticated Phishing Tactics

North Korean Hackers Target Brazilian Fintech with Sophisticated Phishing Tactics

Jun 14, 2024 Cyber Espionage / Cryptocurrency
Threat actors linked to North Korea have accounted for one-third of all the phishing activity targeting Brazil since 2020, as the country's emergence as an influential power has drawn the attention of cyber espionage groups. "North Korean government-backed actors have targeted the Brazilian government and Brazil's aerospace, technology, and financial services sectors," Google's Mandiant and Threat Analysis Group (TAG) divisions said in a joint report published this week. "Similar to their targeting interests in other regions, cryptocurrency and financial technology firms have been a particular focus, and at least three North Korean groups have targeted Brazilian cryptocurrency and fintech companies." Prominent among those groups is a threat actor tracked as UNC4899 (aka Jade Sleet, PUKCHONG, and TraderTraitor), which has targeted cryptocurrency professionals with a malware-laced trojanized Python app. The attack chains involve reaching out to pote...
More_eggs Malware Disguised as Resumes Targets Recruiters in Phishing Attack

More_eggs Malware Disguised as Resumes Targets Recruiters in Phishing Attack

Jun 10, 2024 Phishing Attack / Cybercrime
Cybersecurity researchers have spotted a phishing attack distributing the More_eggs malware by masquerading it as a resume, a technique originally detected more than two years ago. The attack, which was unsuccessful, targeted an unnamed company in the industrial services industry in May 2024, Canadian cybersecurity firm eSentire disclosed last week. "Specifically, the targeted individual was a recruiter that was deceived by the threat actor into thinking they were a job applicant and lured them to their website to download the loader," it said. More_eggs, believed to be the work of a threat actor known as the Golden Chickens (aka Venom Spider), is a modular backdoor that's capable of harvesting sensitive information. It's offered to other criminal actors under a Malware-as-a-Service (MaaS) model. Last year, eSentire unmasked the real-world identities of two individuals – Chuck from Montreal and Jack – who are said to be running the operation. The latest atta...
North Korean Hackers Pose as Job Recruiters and Seekers in Malware Campaigns

North Korean Hackers Pose as Job Recruiters and Seekers in Malware Campaigns

Nov 22, 2023 Cyber Espionage / Social Engineering
North Korean threat actors have been linked to two campaigns in which they masquerade as both job recruiters and seekers to distribute malware and obtain unauthorized employment with organizations based in the U.S. and other parts of the world. The activity clusters have been codenamed Contagious Interview and Wagemole, respectively, by Palo Alto Networks Unit 42. While the first set of attacks aims to "infect software developers with malware through a fictitious job interview," the latter is designed for financial gain and espionage. "The first campaign's objective is likely cryptocurrency theft and using compromised targets as a staging environment for additional attacks," the cybersecurity company  said . The fraudulent job-seeking activity, on the other hand, involves the use of a GitHub repository to host resumes with forged identities that impersonate individuals of various nationalities. The Contagious Interview attacks pave the way for two hitherto undocumented cross-...
Vietnamese Hackers Target U.K., U.S., and India with DarkGate Malware

Vietnamese Hackers Target U.K., U.S., and India with DarkGate Malware

Oct 20, 2023 Malware / Cyber Attack
Attacks leveraging the DarkGate commodity malware targeting entities in the U.K., the U.S., and India have been linked to Vietnamese actors associated with the use of the infamous  Ducktail stealer . "The overlap of tools and campaigns is very likely due to the effects of a cybercrime marketplace," WithSecure  said  in a report published today. "Threat actors are able to acquire and use multiple different tools for the same purpose, and all they have to do is come up with targets, campaigns, and lures." The development comes amid an  uptick in malware campaigns  using DarkGate in recent months, primarily driven by its author's decision to rent it out on a malware-as-a-service (MaaS) basis to other threat actors after using it privately since 2018. It's not just DarkGate and Ducktail, for the Vietnamese threat actor cluster responsible for these campaigns is leveraging same or very similar lures, themes, targeting, and delivery methods to also deliver  ...
RedEnergy Stealer-as-a-Ransomware Threat Targeting Energy and Telecom Sectors

RedEnergy Stealer-as-a-Ransomware Threat Targeting Energy and Telecom Sectors

Jul 05, 2023 Critical Infrastructure Security
A sophisticated stealer-as-a-ransomware threat dubbed  RedEnergy  has been spotted in the wild targeting energy utilities, oil, gas, telecom, and machinery sectors in Brazil and the Philippines through their LinkedIn pages. The .NET malware "possesses the ability to steal information from various browsers, enabling the exfiltration of sensitive data, while also incorporating different modules for carrying out ransomware activities," Zscaler researchers Shatak Jain and Gurkirat Singh  said  in a recent analysis. The objective, the researchers noted, is to couple data theft with encryption with the goal of inflicting maximum damage to the victims. The starting point for the multi-stage attack is a  FakeUpdates  (aka SocGholish) campaign that tricks users into downloading JavaScript-based malware under the guise of web browser updates. What makes it novel is the use of reputable LinkedIn pages to target victims, redirecting users clicking on the website ...
Lazarus Group Adds Linux Malware to Arsenal in Operation Dream Job

Lazarus Group Adds Linux Malware to Arsenal in Operation Dream Job

Apr 20, 2023 Linux / Cyber Attack
The notorious North Korea-aligned state-sponsored actor known as the  Lazarus Group  has been attributed to a new campaign aimed at Linux users. The attacks are part of a persistent and long-running activity tracked under the name  Operation Dream Job , ESET said in a  new report  published today. The findings are crucial, not least because it marks the first publicly documented example of the adversary using Linux malware as part of this social engineering scheme. Operation Dream Job , also known as  DeathNote or NukeSped , refers to multiple attack waves wherein the group leverages fraudulent job offers as a lure to trick unsuspecting targets into downloading malware. It also  exhibits overlaps  with two other Lazarus clusters known as Operation In(ter)ception and Operation North Star. The attack chain discovered by ESET is no different in that it delivers a fake HSBC job offer as a decoy within a ZIP archive file that's then used to launc...
Hackers Sneak 'More_Eggs' Malware Into Resumes Sent to Corporate Hiring Managers

Hackers Sneak 'More_Eggs' Malware Into Resumes Sent to Corporate Hiring Managers

Apr 21, 2022
A new set of phishing attacks delivering the more_eggs malware has been observed striking corporate hiring managers with bogus resumes as an infection vector, a year after potential candidates looking for work on LinkedIn were lured with weaponized job offers . "This year the more_eggs operation has flipped the social engineering script, targeting hiring managers with fake resumes instead of targeting jobseekers with fake job offers," eSentire's research and reporting lead, Keegan Keplinger, said in a statement . The Canadian cybersecurity company said it identified and disrupted four separate security incidents, three of which occurred at the end of March. Targeted entities include a U.S.-based aerospace company, an accounting business located in the U.K., a law firm, and a staffing agency, both based out of Canada. The malware, suspected to be the handiwork of a threat actor called Golden Chickens (aka Venom Spider ), is a stealthy, modular backdoor suite capable ...
Hackers Targeting professionals With 'more_eggs' Malware via LinkedIn Job Offers

Hackers Targeting professionals With 'more_eggs' Malware via LinkedIn Job Offers

Apr 06, 2021
A new spear-phishing campaign is targeting professionals on LinkedIn with weaponized job offers in an attempt to infect targets with a sophisticated backdoor trojan called "more_eggs." To increase the odds of success, the phishing lures take advantage of malicious ZIP archive files that have the same name as that of the victims' job titles taken from their LinkedIn profiles. "For example, if the LinkedIn member's job is listed as Senior Account Executive—International Freight the malicious zip file would be titled Senior Account Executive—International Freight position (note the 'position' added to the end)," cybersecurity firm eSentire's Threat Response Unit (TRU)  said  in an analysis. "Upon opening the fake job offer, the victim unwittingly initiates the stealthy installation of the fileless backdoor, more_eggs." Campaigns delivering more_eggs using the  same modus operandi  have been spotted at least since 2018, with the backdo...
Russian Who Hacked LinkedIn, Dropbox Sentenced to 7 Years in Prison

Russian Who Hacked LinkedIn, Dropbox Sentenced to 7 Years in Prison

Oct 01, 2020
A Russian hacker who was found guilty of  hacking LinkedIn ,  Dropbox , and Formspring over eight years ago has finally been  sentenced  to 88 months in United States prison, that's more than seven years by a federal court in San Francisco this week. Yevgeniy Aleksandrovich Nikulin , 32, of Moscow hacked into servers belonging to three American social media firms, including LinkedIn, Dropbox, and now-defunct social-networking firm Formspring, and stole data on over 200 million users. Between March and July 2012, Nikulin hacked into the computers of LinkedIn,  Dropbox, and Formspring , and installed malware on them, which allowed him to remotely download user databases of over  117 Million LinkedIn  users and more than  68 Million Dropbox  users. According to the prosecutor, Nikulin also worked with unnamed co-conspirators of a Russian-speaking cybercriminal forum to sell customer data he stole as a result of his hacks. Besides hacking in...
Hackers Target Military and Aerospace Staff by Posing as HRs Offering Jobs

Hackers Target Military and Aerospace Staff by Posing as HRs Offering Jobs

Jun 17, 2020
Cybersecurity researchers today took the wraps off a new sophisticated cyber-espionage campaign directed against aerospace and military organizations in Europe and the Middle East with an aim to spy on key employees of the targeted firms and, in some case, even to siphon money. The campaign, dubbed " Operation In(ter)ception " because of a reference to "Inception" in the malware sample, took place between September to December 2019, according to a new report cybersecurity firm ESET shared with The Hacker News. "The primary goal of the operation was espionage," the researchers told The Hacker News. "However, in one of the cases we investigated, the attackers tried to monetize access to a victim's email account through a business email compromise (BEC) attack as the final stage of the operation." The financial motivation behind the attacks, coupled with similarities in targeting and development environment, have led ESET to suspect Laz...
Two Hackers Who Extorted Money From Uber and LinkedIn Plead Guilty

Two Hackers Who Extorted Money From Uber and LinkedIn Plead Guilty

Oct 31, 2019
Two grey hat hackers have pleaded guilty to blackmailing Uber , LinkedIn, and other U.S. corporations for money in exchange for promises to delete data of millions of customers they had stolen in late 2016. In a San Jose courthouse in California on Wednesday, Brandon Charles Glover (26) of Florida and Vasile Mereacre (23) of Toronto admitted they accessed and downloaded confidential corporate databases on Amazon Web Services using stolen credentials. After downloading the data, the duo contacted affected companies to report security vulnerabilities and demanded money in exchange for the deletion of the data, according to a press release published by the US Justice Department. "I was able to access backups upon backups, me and my team would like a huge reward for this," the hackers said to the victim company in an email. "Please keep in mind, we expect a big payment as this was hard work for us, we already helped a big corp which paid close to 7 digits, all ...
Flaw in LinkedIn AutoFill Plugin Lets Third-Party Sites Steal Your Data

Flaw in LinkedIn AutoFill Plugin Lets Third-Party Sites Steal Your Data

Apr 21, 2018
Not just Facebook , a new vulnerability discovered in Linkedin's popular AutoFill functionality found leaking its users' sensitive information to third party websites without the user even knowing about it. LinkedIn provides an AutoFill plugin for a long time that other websites can use to let LinkedIn users quickly fill in profile data, including their full name, phone number, email address, ZIP code, company and job title, with a single click. In general, the AutoFill button only works on specifically "whitelisted websites," but 18-year-old security researcher Jack Cable of Lightning Security said it is not just the case. Cable discovered that the feature was plagued with a simple yet important security vulnerability that potentially enabled any website (scrapers) secretly harvest user profile data and the user would not even realize of the event. A legitimate website would likely place a AutoFill button near the fields the button can fill, but accordin...
Hacker Leaks Data From Mandiant (FireEye) Senior Security Analyst

Hacker Leaks Data From Mandiant (FireEye) Senior Security Analyst

Jul 31, 2017
Reportedly, at least one senior cyber security analyst working with Mandiant, a Virginia-based cybersecurity firm owned by the FireEye, appears to have had its system compromised by hackers, exposing his sensitive information on the Internet. On Sunday, an anonymous group of hackers posted some sensitive details allegedly belonged to Adi Peretz , a ‎Senior Threat Intelligence Analyst at Mandiant, claiming they have had complete access to the company's internal networks since 2016. The recent hack into Mandiant has been dubbed Operation # LeakTheAnalyst . Further Leaks from Mandiant Might Appear The hackers have leaked nearly 32 megabytes of data—both personal and professional—belonging to Peretz on Pastebin as proof, which suggests they have more Mandiant data that could be leaked in upcoming days. "It was fun to be inside a giant company named "Mandiant" we enjoyed watching how they try to protect their clients and how their dumb analysts are trying to reverse ...
LinkedIn Hacker, Wanted by US & Russian, Can be Extradited to Either State

LinkedIn Hacker, Wanted by US & Russian, Can be Extradited to Either State

May 31, 2017
The alleged Russian hacker, who was arrested by the Czech police in Prague last October on suspicion of massive 2012 data breach at LinkedIn, can be extradited to either the United States or Russia, a Czech court ruled on Tuesday. Yevgeniy Aleksandrovich Nikulin , a 29-years-old Russian national, is accused of allegedly hacking not just LinkedIn , but also the online cloud storage platform Dropbox , and now-defunct social-networking company Formspring. However, he has repeatedly denied all accusations. Nikulin was arrested in Prague on October 5 by the Czech police after Interpol issued an international arrest warrant against him. Nikulin appeared at a court hearing held inside a high-security prison in Prague on Tuesday and emaciated after eight months in solitary confinement. The court ruling, pending appeals, left the final decision in the hands of Czech Justice Minister Robert Pelikan, who can approve extradition to one of the countries and block the other. The United ...
Expert Insights / Articles Videos
Cybersecurity Resources