LinkedIn accounts targeted in a worldwide hacking campaign

A hacking campaign appears to be underway targeting owners of LinkedIn accounts across the globe.

The Israel-based cybersecurity firm CyberInt said it observed a significant number of victims losing access to their accounts, with some of them pressured to pay a ransom for regaining access to their accounts. In some cases, users’ accounts were permanently deleted.

“Our analysis using Google Trends reveals a significant surge in the past 90 days in the volume of Google searches related to the hacked account campaign. Search queries such as “LinkedIn account hacked” or “LinkedIn account recovery” have experienced a substantial upward trend, while the term “breakout” in place of percentage indicates that the search term grew by over 5000%,” the researchers noted.

The threat actors behind the campaign appear to be using leaked credentials or brute-forcing to attempt to take control of a large number of LinkedIn accounts.

The researchers have observed two attack scenarios - temporary account lock and full account compromise. In the case of accounts properly protected with two-factor authentication or strong passwords, takeover attempts resulted in the temporary account lock.

However, in more unfortunate cases victims had their LinkedIn accounts fully hacked, making them unable to recover their accounts independently. Upon gaining access to the account, the attackers swapped the associated email address with another email address, often using addresses generated using the “rambler.[ru]” email system. The hackers then change the account password.

“While the motive behind this campaign remains unclear, the implications of compromised professional LinkedIn accounts are deeply concerning. Threat actors could exploit compromised profiles for social engineering, manipulating others into engaging in harmful activities under the disguise of a trusted colleague or supervisor,” CyberInt warns. “Hacked accounts could be used to spread malicious content, erase years of contributions, or send damaging messages to connections, severely damaging an individual’s reputation.”