Microsoft’s Threat Intelligence Center, or MSTIC (pronounced mystic), is warning that a North Korean military hacking organisation is utilising fake social media profiles, particularly on LinkedIn, to mislead people into accepting fake employment offers in order to distribute a deadly open source virus. So, if a contact request arrives from a recruiter, even if they have never heard of them before, many may believe there is no damage in accepting. But what if that person wasn’t a recruiter, but a hacker using a fake profile to gain access to you, your contact information, and the rest of your network? You’ve put yourself and your organisation at danger of being hacked, breached, or otherwise targeted by hackers by linking. The hacking organisation has targeted people in a variety of businesses, including media, defence, and aerospace, in the United States, United Kingdom, India, and Russia. The organisation is suspected of being responsible for the well-known Sony breach in 2014. How it is carried out “Microsoft researchers have identified spear-phishing as a main method of ZINC actors, but they have also been spotted leveraging strategic website breaches and social engineering across social media to achieve their aims,” the MSTIC team noted in a blog post published by Microsoft. The hackers on Linkedin stole data, hacked crypto accounts and exchanges, and tore networks apart by creating phoney identities on LinkedIn. LinkedIn’s Threat Defense unit, which is owned by Microsoft, erased all fraudulent accounts it discovered. LinkedIn used to seem to be a very safe, business-like social media site for job searching and networking, but in today’s world, when there are hacker subscription services, there are few safe zones on the internet, and we must be always watchful.
