Hackers Used Fake Account Mia Ash To Steal Info From Execs on LinkedIn
July 28, 2017
Are you friends with Mia Ash on Facebook? Well, if you are, you are most likly one of the befriended male employees of oil and technology firms in Israel, Saudi Arabia, India, U.S, and Iraq.
Women seem to be able to get info with a lot of ease these days and hackers are taking advantage. A hacking group linked to Iran is believed to be behind th numerous fake accounts of the Mia Ash, which is just one identiy that the group has been using to lure info out of execs.
The security firm, SecureWorks, said that the hacking group behind this is called Cobalt Gypsy, or OilRig, as known by others.
The hackers have previously targeted Saudi Arabian oil, financial and tech executives, as well as Israeli corporate networks.
Then came time to hit LinkedIn, where the hackers behind the Mia Ash account connected with professional photographers to make the account seem legit.
The goal behind this was to be able to steal information from employees who would have access to their companies’ computer networks. In one case, the fake Mia Ash account had sent an phishing email to one of the men who accepted her friend request.
SecureWorks found out that the email contained malware which would give the hackers control of his computer.
The attack was pretty sophisticated as the Mia Ash account first tried to befriend these individuals on LinkedIn, sharing info about her supposed photography jobs that she took, as to create a safe barrier. Then, the hacking group behind the account invited them to chat on other platforms like Facebook, as to gain more trust with the victims.
However, SecureWorks said that the attempted malware attack was not successful, because even though the victim had clicked on the infected link, the company’s anti-virus precautions was able to catch the malware.
As of now, info is still shady on whether other attempts made by the Mia Ash were successfully executed. SecureWorks has found out that as many as 40 people interacted with the persona on LinkedIn and Facebook.
To make the hack looks even more legit, the Mia Ash account also had links to her “personal photography website,” as well as, fake accounts on Instagram, WhatsApp and Blogger. Most of those profiles are now offline. So next time that a pretty face adds you on LinkedIn or Facebook and starts acting super nice for no reason, think twice before you become a victim of Mia Ash.