TLP: CLEAR
Recipients can spread this to the world, there is no limit on disclosure. Sources may use TLP:CLEAR when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:CLEAR information may be shared without restriction.
http://www.us-cert.gov/tlp/
Summary: Cybersecurity researchers with Cyberint observed (weblink below) a wave of account hacks targeting LinkedIn that has resulted in many accounts being locked out for security reasons or ultimately hijacked by attackers. The attackers appear to have used leaked credentials or brute force to compromise the accounts, with those that require multiple takeover attempts due to strong passwords or two-factor authentication resulting in a temporary lock. Some users have been pressured into paying a ransom to regain control of their accounts.
Cyberint Blog: hxxps://cyberint[.]com/blog/research/linkedin-accounts-under-attack-how-to-protect-yourself/
NYSIC CAU Analyst Note: Cyberint researchers said the attackers swap email addresses with one from the “rambler.ru” service. Targeted accounts that were protected by strong passwords and/or two-factor authentication were temporarily locked by LinkedIn as a protection measure. Account owners were then prompted to verify ownership and update their passwords before being allowed to sign in again.
Sources:
hxxps://www.bleepingcomputer[.]com/news/security/linkedin-accounts-hacked-in-widespread-hijacking-campaign/
hxxps://www.digitalinformationworld[.]com/2023/08/linkedin-becomes-target-of-new-wave-of.html
hxxps://www.computing.co[.]uk/news/4122320/linkedin-surge-account-hijacking
This information has been disseminated to:
NYSIC CAU Contacts – OCT-CIP
NYSIC CAU Contacts – ITS EISO
NYSIC CAU Contacts – Cyber Partners Working Group (CPWG)
NYSIC CAU Contacts – Critical Infrastructure: All
NYSIC CAU Contacts – SLTT
For more information, please contact the NYSIC Cyber Analysis Unit at (518) 786-2191 or CAU@nysic.ny.gov.
TLP: CLEAR
Recipients can spread this to the world, there is no limit on disclosure. Sources may use TLP:CLEAR when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules,
TLP:CLEAR information may be shared without restriction.
http://www.us-cert.gov/tlp/
CONFIDENTIALITY NOTICE: This e-mail, including any attachments, may contain highly sensitive and confidential information. It is intended only for the individual(s) named. If you received this e-mail in error or from someone who was not authorized to send it to you, do not disseminate, copy or otherwise use this e-mail or its attachments. Please notify the sender immediately by reply e-mail and delete the e-mail from your system.
