Dell Secure Works report stated that ” The level of detail in the profiles suggests that the threat actors invested substantial time and effort into creating and maintaining these personas. The photos used in the fake accounts are likely of innocent individuals who have no connection to activity.”
The profile photos used in those account are of people who had no connection with this hacking group. The report suggested that only two of these accounts are of leader figures with a profile which shows they are Recruitment Consultant. The other profiles shows that they holds an important position in industries like Banking, Automobile, Technology and many more. While the other accounts are there to support the leaders profile with endorsements and credibility to the leaders.
The researchers think that the main target of these hackers are Middle East. The top most targets of these hackers worked in telecommunication sector. Other major targets of these hackers are Middle Eastern governments and the defense sectors of Middle East and South Asia. The hackers were planning to get into these organizations database and stole highly classified data.
These hackers are identifying their potential victims by building a credible and seemingly genuine and established LinkedIn personas. The threat actors can establish a relationship with targets by contacting them directly, or by contacting one of the target’s connections. It may be easier to establish a direct relationship if one of the fake personas is already in the target’s LinkedIn network.