Cyber spies use LinkedIn to hack European defence firms

The attackers then used LinkedIn's private messaging feature to send documents containing malicious code which the employees were tricked into opening, said Jean-Ian Boutin, ESET's head of threat research.

ESET declined to name the victims, citing client confidentiality, and said it was unclear if any information was stolen. General Dynamics and Collins Aerospace, which is owned by Raytheon Technologies <RTX.N>, declined immediate comment.

ESET was unable to determine the identity of the hackers but said the attacks had some links to a North Korean group known as Lazarus, which has been accused by U.S. prosecutors of orchestrating a string of high-profile cyber heists on victims including Sony Pictures and the Central Bank of Bangladesh.

North Korea's mission to the United Nations in New York did not immediately respond to a request for comment.

The attacks are not the first time LinkedIn has been caught up in international espionage. Western officials have repeatedly accused China of using fake LinkedIn accounts to recruit spies in other countries, and multiple hacking groups have been spotted using the business-networking site to profile their targets.

But ESET's Boutin said hacking attempts are usually conducted via email. "This is the first case I am aware of where LinkedIn was used to deliver the malware itself," he said.

LinkedIn said it had identified and deleted the accounts used in the attacks. "We actively seek out signs of state-sponsored activity on the platform and quickly take action against bad actors," said the company's head of trust and safety, Paul Rockwell.

(Additional reporting by Michelle Nichols in New York; Editing by Elaine Hardcastle)