LinkedIn private-message phishing campaign targeting executives and IT admins
Campaign
Summary
The LinkedIn phishing campaign now uses private messages and industry-themed lures to deliver a malicious archive, putting business executives and IT administrators at risk of RAT infection and follow-on compromise. The attack chain pairs a WinRAR SFX archive with a disguised DLL and a legitimate PDF reader to blend in with normal activity. It then uses DLL sideloading and an open-source penetration testing tool to establish persistence, move laterally, and exfiltrate data. The operation expands social-media phishing beyond email and shows how professional networking context can be abused for high-value targeting.
Related Happenings
REF6598 Obsidian social-engineering campaign targeting finance and crypto users
Campaign
First: 16.04.2026 14:02
Last: 16.04.2026 14:02
Sources 1
About this happening:
The **REF6598** operation is using **LinkedIn**, **Telegram**, and **Obsidian** to deliver **PHANTOMPULSE**, creating a targeted intrusion path into **financial** and **cryptocurr...
UNC1069 open-source maintainer social-engineering campaign
Campaign
First: 04.04.2026 23:30
Last: 04.04.2026 23:30
Sources 1
About this happening:
UNC1069's **coordinated social-engineering campaign** against **Node.js and npm maintainers** has widened, with multiple developers reporting the same lure pattern and the potenti...
Latest development: 06.04.2026 23:55
Security researcher Taylor Monahan and Socket reported that members of the open source software community, including Socket engineers and CEO Feross Aboukhadijeh, were targeted by the same slow-burn LinkedIn, Slack, and Microsoft Teams social engineering playbook used against Axios maintainer Jason Saayman, indicating the campaign was wider than a single Axios compromise.
Contagious Interview cryptocurrency social-engineering and malware-delivery campaign
Campaign
First: 23.03.2026 20:09
Last: 23.03.2026 20:09
Sources 1
About this happening:
A **North Korean** cluster behind **Contagious Interview / WaterPlum** is running a coordinated **malware campaign** against **cryptocurrency professionals**, increasing the risk...
European social media scam ads generate nearly £3.8bn in 2025
Target Trend
First: 09.02.2026 12:30
Last: 09.02.2026 12:30
Sources 1
About this happening:
**European social media platforms** generated **nearly £3.8bn** from scam ads in **2025**, showing a large fraud surface that can expose users to money loss, personal-data theft,...
Windows .scr phishing campaign delivering JWrapper RMM access
Campaign
First: 04.02.2026 23:06
Last: 04.02.2026 23:06
Sources 1
About this happening:
The **Windows .scr phishing campaign** is using **business-themed lures** to trick users into running screensaver files that install **JWrapper** and hand attackers **interactive...
Timeline
- 20.01.2026 15:04 · 2 articles · 4mo ago
ReliaQuest details LinkedIn private-message phishing campaign
Initial Disclosure
ReliaQuest details a LinkedIn private-message phishing campaign targeting high-value individuals, including business executives and IT administrators, with industry-themed lures that deliver a malicious WinRAR self-extracting archive, a disguised DLL, and a legitimate open-source PDF reader; the chain uses DLL sideloading and an open-source penetration testing tool to maintain persistence, exfiltrate data, escalate privileges, and move laterally.
Sources:
- Linkedin Phishing Campaign Exploits Open-Source Pen Testing Tool to Compromise Business Execs — www.infosecurity-magazine.com — 20.01.2026 15:04