A cyber espionage operation used fake job offers, sent via LinkedIn messages, to target employees at aerospace and military companies in Europe and the Middle East late last year, researchers from ESET have reported.

The highly targeted campaign -- dubbed Operation In(ter)ception (an allusion to one malware sample's file name) -- took place from September to December 2019, according to a company blog post and corresponding white paper by ESET researchers Dominik Breitenbacher and Kaspars Osis. Its primarily purpose was data gathering and exfiltration via a custom build of dbxcli, an open-source command-line client for Dropbox. However, researchers observed at least one case where the attackers launched a Business Email Compromise scam against one victimized company's business partner.

To trick prospective victims, the attackers created fraudulent LinkedIn accounts impersonating human resources or hiring managers from various aerospace and defense companies, including Collins Aerospace and General Dynamic, ESET explains. Then they used LinkedIn's messaging feature to reach out to targeted employees and offer an employment opportunity, in hopes of getting them to open a malicious file sent either directly through LinkedIn or via a combination of email and OneDrive.

Please register to continue.

Already registered? Log in.

Once you register, you'll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.