LinkedIn Accounts Targeted in Widespread Hijacking Campaign

LinkedIn is currently facing an alarming rise in account takeovers, with many users finding themselves locked out and their accounts accessed without authorization. This surge in unauthorized access has raised significant concerns among professionals, highlighting the potential risks users face from malicious entities.

Cyberint, a leading cybersecurity research firm, has observed this trend and notes that the attackers are following a specific modus operandi. They primarily exploit leaked credentials and employ brute-force techniques to breach LinkedIn accounts, especially those with weaker security settings.

Detailed Account Manipulation Tactics

Upon gaining unauthorized access, the attackers quickly take steps to ensure that the original account holders cannot easily regain control. A common strategy they employ is changing the associated email address of the account to one from the “rambler.ru” domain. This action effectively prevents victims from restoring their accounts via email. Subsequently, the attackers modify the account password. In more severe cases, some victims have even received ransom demands, typically amounting to a few tens of dollars, to regain access. There have also been instances where accounts were deleted entirely by the threat actors.

Implications of the Attack

The consistent tactics used by the attackers suggest a well-coordinated campaign targeting LinkedIn accounts. The ramifications of such breaches are profound. Malicious actors can exploit compromised profiles for social engineering purposes, tricking others into harmful actions by posing as a trusted colleague or supervisor. There have been reports of blackmail, where victims are pressured to pay for the attackers' financial benefit. Additionally, confidential information shared in LinkedIn conversations could be harvested by these threat actors for data collection. The reputational damage is also significant, as compromised accounts can be used to disseminate malicious content, erase years of contributions, or send harmful messages, tarnishing an individual's professional image.

While the exact intentions of the attackers remain ambiguous, the potential consequences for victims are grave. The attackers might have accessed data from a specific LinkedIn breach or used brute-force tools, especially targeting accounts with shorter passwords.

Recommendations for Account Safety

To protect against such threats, Cyberint advises users to:

  • Regularly check their account access and ensure all contact information is accurate.
  • Monitor their email for any notifications from LinkedIn about added email addresses, which could be a red flag.
  • Use strong, unique passwords specifically for their LinkedIn account.
  • Enable two-step verification for added security.
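
The second recommendation can be automated for a mailbox export. The sketch below is an added example, not code from Cyberint or LinkedIn: it flags authenticated notifications that mention an address the account owner does not recognize, and escalates when that address is on the rambler.ru domain described above. The sender domain, the owner's known addresses, the reliance on the receiving server's Authentication-Results header and the sample messages are all assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions, not from the article: the sender domain, the owner's known
# addresses, and that the mailbox's own server stamps Authentication-Results.
SENDER_DOMAIN = "linkedin.com"
KNOWN_ADDRESSES = {"alex@example.com"}
CAMPAIGN_DOMAINS = {"rambler.ru"}  # domain named in the article

ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
DKIM_RE = re.compile(r"dkim=pass\b[^;]*?header\.d=([A-Za-z0-9.-]+)", re.I)

def _aligned(domain):
    domain = domain.lower()
    return domain == SENDER_DOMAIN or domain.endswith("." + SENDER_DOMAIN)

def triage(raw):
    """Classify one raw RFC 5322 message; returns (severity, unknown_addresses)."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1]
    if not _aligned(sender.rpartition("@")[2]):
        return ("ignore", [])
    # From is trivially forged: require a DKIM pass for an aligned domain,
    # otherwise treat the message as a possible phishing lookalike.
    dkim = DKIM_RE.search(msg.get("Authentication-Results", ""))
    if not dkim or not _aligned(dkim.group(1)):
        return ("unverified-sender", [])
    body = " ".join(part.get_payload(decode=True).decode(errors="replace")
                    for part in msg.walk() if not part.is_multipart())
    found = {a.lower() for a in ADDR_RE.findall(body)}
    unknown = sorted(found - KNOWN_ADDRESSES)
    if not unknown:
        return ("ok", [])
    hit = any(a.rpartition("@")[2] in CAMPAIGN_DOMAINS for a in unknown)
    return ("critical" if hit else "review", unknown)

# Constructed sample messages (wording and sender local-part are made up).
def _sample(auth, body):
    return ("From: LinkedIn <notify@linkedin.com>\nTo: alex@example.com\n"
            f"Authentication-Results: mx.example.com; {auth}\n"
            "Subject: Account email change\n\n" + body + "\n")

SAMPLE_HIJACK = _sample("dkim=pass header.d=linkedin.com",
                        "The address ivan.k@rambler.ru was added to your account.")
SAMPLE_SPOOFED = _sample("dkim=fail header.d=linkedin.com",
                         "Confirm ivan.k@rambler.ru at the link below.")
SAMPLE_BENIGN = _sample("dkim=pass header.d=linkedin.com",
                        "You signed in as alex@example.com from a new device.")
```

A "critical" result means the account's contact details should be checked and the password changed immediately; "unverified-sender" results should not be acted on through links in the message.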

As of this moment, LinkedIn has not issued an official statement regarding these incidents, emphasizing the need for users to be vigilant and proactive in securing their accounts in this era of escalating digital threats.