That huge spike in fake executive accounts on LinkedIn over the past year is starting to make a lot more sense now. Researchers at ESET have an excellent post on research that ties the 3CX supply chain compromise to North Korea's Lazarus hacking group, but the most interesting detail (for me) was this bit:

'The Lazarus group’s Operation DreamJob involves approaching targets through LinkedIn and tempting them with job offers from industry leaders."

Here's a bit more:

ESET researchers have discovered a new Lazarus Operation DreamJob campaign targeting Linux users. Operation DreamJob is the name for a series of campaigns where the group uses social engineering techniques to compromise its targets, with fake job offers as the lure. In this case, we were able to reconstruct the full chain, from the ZIP file that delivers a fake HSBC job offer as a decoy, up until the final payload: the SimplexTea Linux backdoor distributed through an OpenDrive cloud storage account. To our knowledge, this is the first public mention of this major North Korea-aligned threat actor using Linux malware as part of this operation.

https://www.welivesecurity.com/2023/04/20/linux-malware-strengthens-links-lazarus-3cx-supply-chain-attack/

My series on the huge jumps in fake executive profiles on LinkedIn last year:

https://krebsonsecurity.com/tag/linkedin-bots/

Some people wish Mastodon had better News, Tech and Culture coverage.

Well, now @Flipboard has these convenient curated accounts for you to follow:

Flipboard News Desk @NewsDesk
https://flipboard.social/@NewsDesk

Flipboard Tech Desk @TechDesk
https://flipboard.social/@TechDesk

Flipboard Culture Desk @CultureDesk
https://flipboard.social/@CultureDesk

Follow these accounts for a steady stream of pertinent posts!
(They promise not to overwhelm your feed)

Thanks @tchambers for spotting this great resource!

#twittermigration