Intelligence Briefing #73

Welcome to the Nucleon Cyber Intelligence podcast.

This podcast will give you a summary of the latest news related to cyber intelligence and proactive cyber security in only a few minutes.

The podcast is aimed at professionals who are short on time, or for anyone who would like to know a bit more about what is REALLY happening out there in the cyber world.

The focus of this podcast will be on the latest cyber events for non-technical people; anyone can listen and understand.

Several times this year, LinkedIn seems to have experienced massive data scrape conducted by a malicious actor. 

An archive of data collected from hundreds of millions of LinkedIn user profiles surfaced on a hacker forum, where it’s currently being sold for an undisclosed sum. This time, the author of the forum post is purportedly selling information gathered from 600 million LinkedIn profiles. Latest LinkedIn leak They also claim that the data is new and “better” than that collected during the previous scrapes. On the Latest LinkedIn leak in 2021, samples from the archive shared by the author include full names, email addresses, links to the users’ social media accounts, and other data points that users had publicly listed on their LinkedIn profiles. 

While not deeply sensitive, the information could still be used by malicious actors to quickly and easily find new targets based on the criminals’ preferred methods of social engineering. 

LinkedIn’s refusal to treat malicious scraping as a security problem can potentially allow cybercriminals to gather data on new victims with impunity. The social media platform, however, is of a different opinion on the matter: “Our teams have investigated a set of alleged LinkedIn data that has been posted for sale. We want to be clear that this is not a data breach and no private LinkedIn member data was exposed,” LinkedIn said in its statement regarding a previous data scrape, where malicious actors collected data from 700 million profiles

Even though LinkedIn’s representatives are correct in saying that no private data was exposed, collecting publicly available information on a mass scale can still put users at risk of spam and phishing attacks. 

Judging from the samples shared by the author, the archive appears to contain a variety of publicly available professional information gathered from LinkedIn profiles, including: LinkedIn IDs, Full names, Email addresses, Phone numbers, LinkedIn profile URLs Links to other social media profiles Genders Birth dates Locations Professional titles and other work-related data The sample provided by the forum post author contains 632,699 LinkedIn profile entries, which include 154,204 user email addresses. 

Scraping can be dangerous because it allows criminals to easily find new targets Even though the data gathered from 600 million LinkedIn profiles was not acquired as a result of a breach, allowing third parties to mass scrape LinkedIn user profiles can result in those users being attacked by malicious actors in a variety of ways. 

For example, phishers and spammers often use data acquired from scrapers to find new victims: they can extract scraped public contact details and use them for robocalls, spam lists, and social engineering attacks, whereby phishers and scammers can try to manipulate users into revealing their personal information and banking details. 

This is why many web applications use scraping mitigation tools that help protect against hostile data collection by bots and threat actors. 

What Can you do if you’ve been affected? 

  • If you suspect that your LinkedIn profile data might have been scraped by the threat actor, we recommend you: Remove your email address and phone number from your public LinkedIn profile to avoid them being scraped by a malicious third party in the future. 
  • Change the password of your LinkedIn and email accounts. 
  • Enable two-factor authentication on all your online accounts. 
  • Beware of suspicious messages on social media and connection requests from strangers. 
  • Consider using a password manager to create unique strong passwords and store them securely. 

In addition, beware of phishing emails and text messages. Again, don’t click on anything suspicious or respond to anyone you don’t know.



Notorious North Korean hacking group impersonates Airbus, General Motors and Rheinmetall to lure potential victims into downloading malware.
Researchers have been tracking Lazarus activity for months published new report by AT&T Labs. 
According to the report’s author, emails sent to prospective engineering candidates by the group purport to be from known defense contractors Airbus, General Motors (GM) and Rheinmetall
Attached to the emails are Windows documents containing macro-based malware, “which has been developed and improved during the course of this campaign and from one target to another,” the report wrote. 
 
The campaign is just the latest by Lazarus that targets the defense industry.

In February, researchers linked a 2020 spear phishing campaign to the stealing of critical data from defense companies by leveraging an advanced malware called Threat Needle. 
 
The new campaign was identified when Twitter users reported several documents that were linked to Lazarus group using, GM and Airbus as lures.
The campaigns using the three new documents have similarities in command and control (C&C) communication but different ways of executing malicious activity, researchers found. 

Lazarus distributed two malicious documents related to Rheinmetall, a German engineering company focused on the defense and automotive industries.

However, the second included “more elaborate content,” and thus likely went unnoticed by victims. 
Given the historically prolific nature of Lazarus—named “the most active” threat group of 2020 by Kaspersky —the latest attack against engineers “is not expected to be the last,” the report noted. “Attack lures, potentially targeting engineering professionals in government organizations, showcase the importance of tracking Lazarus and their evolution,” the report said.



That’s it for this podcast, stay safe and see you in the next podcast.

Don’t forget to visit www.nucleoncyber.com for the latest podcasts on cyber intelligence.

++++++

Leave a Reply