Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Iranian Hackers Target Universities in Large Attack Campaign: SecureWorks

SecureWorks security researchers have discovered that a new, large phishing campaign targeting universities is similar to previous cyber operations by an actor associated with the Iranian government.

SecureWorks security researchers have discovered that a new, large phishing campaign targeting universities is similar to previous cyber operations by an actor associated with the Iranian government.

The campaign involved the use of sixteen domains that contained more than 300 spoofed websites and login pages for 76 universities in 14 countries, including Australia, Canada, China, Israel, Japan, Switzerland, Turkey, the United Kingdom, and the United States.

Many of the spoofed domains, SecureWorks says, referenced the targeted universities’ online library systems, suggesting that the actors behind the campaign were interested in accessing those resources. Not all domains were accessible during analysis.

Victims who entered their login credentials into the fake login pages were redirected to the legitimate websites. Once there, they were either automatically logged into a valid session or asked for the login credentials again, SecureWorks explains.

Many of the domains were registered between May and August 2018, the most recent of them on August 19. Most of the identified domains resolved to the same IP address and DNS name server.

The attacks share infrastructure with a previously observed campaign associated with the Iran-linked COBALT DICKENS hackers. In March, the United States indicted the Mabna Institute and nine Iranian nationals in connection with the group’s activity between 2013 and 2017.

According to the U.S. Department of Justice, the hackers targeted the accounts of more than 100,000 university professors worldwide and managed to compromise around 8,000 of them. The actors were also said to have stolen 31 terabytes of academic data and intellectual property.

“Many threat groups do not change their tactics despite public disclosures, and analysis suggests that COBALT DICKENS may be responsible for the university targeting despite the indictments of some members,” SecureWorks says.

Advertisement. Scroll to continue reading.

It is not uncommon for threat actors to target universities when looking to steal intellectual property. Not only are universities more difficult to secure compared to finance or healthcare organizations, but they are also highly attractive because they develop cutting-edge research and can attract global researchers and students, SecureWorks points out.

Related: U.S. Imposes Sanctions on Iranians for Hacking

Related: Six Months in Jail for University Email Hacker

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

The US arm of networking giant TP-Link has appointed Adam Robertson as Director of Information and Security.

Cyber exposure management firm Armis has promoted Alex Mosher to President.

Software giant Atlassian has named David Cross as its new CISO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.