Operation In(ter)ception: LinkedIn targeted
ESET unearths a threat to LinkedIn users
The name was attributed based on the related malware sample (Inception.dll), distributed between September and December 2019 by way of fictitious job offers addressed to candidates potentially looking for a job. The messages were sent either directly via LinkedIn, as visible in the screenshot below, or via email with a link to OneDrive. This is the comment of Dominik Breitenbacher, the ESET researcher who analyzed the malware and conducted the investigation, describing the threat: "The message contained a fairly credible job offer, apparently from well-known companies in relevant sectors. Of course, the LinkedIn profile was fake and the files sent within the communication were malicious."
Once the file was opened, the victim was shown a seemingly innocuous PDF document with information on the false job offer. At the same time, the malicious code was installed without arousing any suspicion, creating a connection between the cyber criminals and the victim's device. It cannot be ruled out that the operation was carried out by, or with the help of, the North Korean Lazarus group, which we have also written about on these pages several times.
The attacks that we have studied have all shown signs of espionage, with several clues that suggest a possible link with the infamous Lazarus group. However, neither the analysis of the malware nor the investigation allowed us to obtain information about the files that the attackers were aiming for.
In the crosshairs were, in particular, aerospace and military companies in Europe. Among the tools used were multistage malware disguised as legitimate software, modified versions of open-source tools, and living-off-the-land techniques that rely on Windows utilities preinstalled in the operating system.
In one of the analysed cases the attackers simply slipped in a communication regarding an unpaid invoice, urging the victim to settle the debt and inserting their bank details for the transfer of the money.
This attempt to monetize the access to the victims' network should serve as an incentive to establish strong defenses against intrusions and to provide training on computer security for employees. This will make it possible to recognize social engineering techniques, especially lesser-known ones such as those used in Operation In(ter)ception.
Source: ESET