Clandestine Fox hackers spreading malware via Facebook, Twitter and LinkedIn

The hacker group behind a notorious campaign targeting a critical vulnerability affecting multiple versions of Microsoft Internet Explorer has altered its strategy to spread malware using social media, according to security firm FireEye.

FireEye senior threat analyst Mike Scott reported the Clandestine Fox hackers altered their attack strategy after Microsoft issued a patch for the IE flaw, in a blog post. Scott said FireEye uncovered the new attack campaign after detecting a number of malicious social network messages targeting its customers.

"The attackers used a combination of direct contact via social networks as well as contact via email, to communicate with their intended targets and send malicious attachments. In addition, in almost all cases, the attackers used the target's personal email address, rather than his or her work address," read the post.

"This could be by design, with a view toward circumventing the more comprehensive email security technologies that most companies have deployed, or also due to many people having their social network accounts linked to their personal rather than work email addresses."

FireEye director of technology strategy Jason Steer told V3 while the Clandestine Fox strikes are only targeting very specific groups, the effectiveness of the tactic means it is only a matter of time before the wider crime community learns from them.

"Sites like Facebook and LinkedIn are prime sites to look for and target people. If you create a fake profile with a throwaway email account you can be anyone you like and if you access it via Tor no one knows where you connect from either and hence hard to trace back. Then you connect with the target," he said.

"These types of attacks will be reused and recycled into attacks by other gangs in the cybercrime industry as the effectiveness of their APT-style attacks slows. It will then be used by hacktivists, lone hackers and then by general cyber criminals all looking to use their hack against targets of interest or finally against the general man on the street."

Steer recommended businesses take a variety of precautionary measures to protect themselves from future social media-based hack campaigns. These include deleting suspicious messages and requests from people you don't know without opening them and using long passwords that are not shared across multiple accounts.

Clandestine Fox is one of many hacker campaigns uncovered in recent months. Crowdstrike reported discovering a Putter Panda hack campaign spying on high-tech firms involved in space, aerospace and communications industries earlier this week.

• Tweet  
• Facebook  
•  
•  
• Save this article  
• Send to  

• Topics
• Security
• Hacking
• cyber-crime
• FireEye
• malware
• LinkedIn
• Facebook
• Twitter