A recent phishing campaign by Iran-linked threat actor APT34 made use of a savvy approach: Asking victims to join their social network.
According to FireEye, the adversaries masqueraded as a Cambridge University lecturer, including setting up a LinkedIn page, in order to gain victims’ trust. From there the attackers asked their “friends” to open malicious documents.
APT34, a.k.a. OilRig or Greenbug, specializes in cyber-espionage activity, and is known for attacks targeting a variety of organizations operating in the Middle East, including financial, energy and government entities.