Iranian threat actors are believed to be behind a phishing campaign that is masquerading as a member of Cambridge University to target users of LinkedIn, according to FireEye.

“In June 2019, FireEye devices detected a large phishing campaign from APT34 targeting Middle East critical infrastructure, telecom, and oil and gas entities. This campaign is consistent with the overall Iranian targeting of the energy sector that we’ve seen dating back to at least 2012. Further, this activity is representative of Iran's overarching efforts to collect strategic information of relevance to its national interests. With increasing geopolitical tensions between the U.S. and Iran and the introduction of new sanctions, we expect Iran to continue to increase the volume and scope of its cyber-espionage campaigns," FireEye's principal analyst, cyber-espionage analysis, Cristiana Brafman Kittner wrote in an email.

In addition the behavior aligns with elements of activity reported as OilRig and Greenbug by various security researchers who have attributed those attacks to APT34. "This threat group has conducted broad targeting across a variety of industries operating in the Middle East; however, we believe APT34's strongest interest is gaining access to financial, energy, and government entities,” researchers wrote.

Victims received a message from Rebecca Watts, a specious member of the research staff at Cambridge University.