Someone is targeting LinkedIn accounts, trying to break in with either login credentials leaked elsewhere, or with brute-force attacks.
As a result, many people have had their accounts compromised, while others have been locked out due to too many failed login attempts.
Earlier this week, Cyberint reported that many LinkedIn users took to social media platforms, such as Reddit, Twitter, or Microsoft Forums, to ask for help. LinkedIn’s customer support, it seems, is being overwhelmed with requests, resulting in unusually long response times.
“Some have even been pressured into paying a ransom to regain control or faced with the permanent deletion of their accounts,” Cyberint researcher Coral Tayar said in a writeup.
“While LinkedIn has not yet issued an official announcement, it appears that their support response time has lengthened, with reports of a high volume of support requests.”
Sharing their experience on Reddit, one user said their account got hacked six days ago, and that the email associated with the account was changed in the middle of the night.
The victim asked the company for help, to no avail: “No response from them anywhere. It’s pathetic. I tried reporting my hacked account, going through identity verification, and even DMing them on @linkedinhelp on Twitter. No responses anywhere. What a joke of a company.”
While the goal of the campaign is unknown, as is the identity of the attackers, the researchers did manage to find out that the emails are being replaced with those from the “rambler.ru” service. This doesn’t necessarily mean that the threat actors are Russian, but it gives some credence to the notion.
As for the goals, social media accounts can be used for malware distribution, social engineering, or fraud. Messages received from friends and colleagues on social media platforms usually have a higher open rate than those coming from complete strangers, possibly resulting in more successful malware campaigns.