Iran-based hackers use fake LinkedIn profiles to spy on targets

IRAN (Next Media) – A new report by a research team at Dell SecureWorks has uncovered a network of fake LinkedIn profiles suspected of being created by Iran-based hackers in order to obtain confidential information from targets.

According to CNN, 25 fake profiles were found, 8 of them ‘leaders’ with fully developed professional profiles posing as recruiters for international companies such as Teledyne, Airbus, Northrop Grumman, Doosan, and Petrochemical Industries, Co. The other 17 profiles were less developed, likely ‘supporters’ that would lend legitimacy to the leaders through connections and endorsements. Six of the eight leaders had as many as 500 connections, while the remaining two had 275 and 46.

Researchers identified the group as “TG 2889” and said they were likely operating from Iran, since majority of the 204 targets were from the Middle East and North Africa, while 12 were from the U.S.

The report suggests that once connected, hackers could send malicious software in links and attachments, compromising their targets’ devices and allowing them access to sensitive information. The report didn’t specify whether the group was able to access any valuable information, but the fake profiles have since been removed by LinkedIn, according to NBC.


Dell SecureWorks, CNN, NBC, SC Magazine