Mia Ash, a young London-based photographer, has hundreds of friends and connections on social media, especially on LinkedIn. A majority of Ash's friends are men from Middle Eastern and Asian countries, who fawn over her whenever she posts images on her various social media accounts. If you are a photography buff and are thinking of getting in touch with her, you had better reconsider, because it's a trap: Mia Ash doesn't exist.
Yes, Mia is a fake persona. Her biography shared online is made up, and her photos are lifted from social media profiles, according to security firm SecureWorks. Researchers have claimed that a hacking group called Cobalt Gypsy, with links to the Iranian government, created the persona to target male employees of oil and technology companies in countries including Saudi Arabia, Iraq, Israel, India and the US.
The hackers behind the Ash persona first connect with their targets on LinkedIn, and share information related to photography. They gradually shift the conversation to other platforms like Facebook and WhatsApp, before sending infected links and encouraging victims to open such links at work using their corporate email account.
The entire scam came to light when SecureWorks examined spyware infecting a Middle Eastern company earlier in February. Further analysis revealed that one of the company's employees had been in touch with the Ash persona for over a month.
The employee received a Microsoft Excel attachment for a photography survey from Ash. When he opened it on his office network, it launched a macro on his computer and tried to install a piece of malware called PupyRAT, which can give the attackers full access to the victim's system. However, the phishing attempt was unsuccessful as the company's anti-virus precautions detected the malware.
SecureWorks also found that the Ash persona was established in April 2016 or earlier, and the profile photos used for the fake accounts were stolen from a Romanian photographer.
According to researchers, as many as 40 people are believed to have interacted with Ash on LinkedIn and Facebook, and the persona also had counterfeit accounts on Instagram, WhatsApp and Blogger.
The researchers also said the hackers focused on LinkedIn because its users are inclined to trust others on the website. In addition, they first befriended prominent photographers to make the profile look more authentic.
"It's a professional network, so there's a little bit of trust people assume when they join it, versus social networks which are more designed for socialization," Allison Wikoff, one of the SecureWorks researchers who led the analysis, told CNN.