The LinkedIn accounts of security specialists have been recently assaulted with recruitment requests from a series of fake accounts in what appears to be an attempt to map their networks.
The group of fake recruiter accounts is sending LinkedIn invitations to security professionals in different fields, usually with a profile picture of an attractive woman, but soon after the account details and the picture are changed, provided that the profile does not disappear entirely.
Fox-IT’s Yonathan Klijnsma raised a flag on this activity a few weeks back and explained the manner in which the so-called “recruitment” works, but could not offer specific details on the purpose of this type of activity.
There’s a group of fake recruiters on LinkedIn mapping infosec people’s networks. Not sure what their goal is yet, just a heads-up to others
— Yonathan Klijnsma (@ydklijnsma) August 18, 2015
Following Yonathan Klijnsma’s shout out, F-Secure’s Sean Sullivan took a closer look at these accounts and discovered that they were all for people supposedly working for Talent Src (Talent Sources) and that each was seemingly focused on a particular type of specialist.
The profile pictures of some of these so called recruiters were found to be flipped copies of images on Instagram and on some legitimate LinkedIn accounts, while their specialties and areas of interest were revealed to be at least questionable.
Additionally, Sullivan noted that Talent Sources’ logo actually copies that of a legitimate business, that its Twitter account hasn’t been updated since January, that it uses and egg and only two tweets have been ever posted, and that some of the LinkedIn accounts in question have already disappeared.
Targeted security professionals might receive multiple recruitment invitations per day from Talent Sources’ supposed employees over the course of several days, yet they might want to steer clear of them.
There is no exact information pertaining to the purpose of these recruitment campaigns, other than what appears to be obvious, namely that they are meant to map connections of infosec specialists rather than attempting to gather other type of information from them, albeit this possibility is not excluded either.
In May 2014, cyber intelligence firm iSIGHT Partners outed a group of Iranian threat actors, who were found using more than a dozen fake personas on popular social networking sites to run a wide-spanning cyber espionage operation since 2011.
“These credible personas then connected, linked, followed, and “friended” target victims, giving them access to information on location, activities, and relationships from updates and other common content,” iSIGHT Partners said.