Attackers used LinkedIn to pose as recruiters from US firms in order to steal information and money from European military and aerospace executives, Infosecurity Magazine reported.

According to new research from ESET — named Operation In(ter)caption — the actions took place from September to December 2019 and began with a believable job offer, seemingly from a well-known company, that contained a OneDrive link which in turn contained a PDF document with salary information related to the fake job offer; however, malware was silently deployed on the victim’s computer.

The attackers had created separate fake LinkedIn accounts: one impersonating an HR manager from Collins Aerospace (formerly Rockwell Collins), a major US supplier of aerospace and defense products; the other posing as an HR representative of General Dynamics, another large US-based corporation with a similar focus. (Note: These LinkedIn accounts no longer exist.)