By: Brent Burgess 9/18/201
Around three weeks ago, SecureWorks, a cybersecurity research group, discovered a massive phishing scheme that has recently been targeting universities. The attack has targeted over 76 universities in 14 countries, including Australia, Canada, China, Israel, Japan, Switzerland, Turkey, the United Kingdom, and the United States. Most of the spoofed sites used domains that imitated the universities’ library pages, gaining access to the accounts of users attempting to reach their library resources and obtaining 31 terabytes of academic knowledge. Once victims entered their information, they were redirected to the actual university library site, where they were either signed in or asked to repeat their credentials. The 16 domains were created between May and August of this year. Many of the stolen research papers were then sold through encrypted messages on WhatsApp or Telegram.
These phishing attacks were found to be perpetrated by the Cobalt Dickens hacking group, which has been found to be closely associated with the Iranian government. In March of this year, the United States indicted the Mabna hacking group and nine members in connection with the group. That group’s previous attacks appeared to use the same infrastructure as the Cobalt Dickens attacks, implying that some of the same members were involved. Universities that produce cutting-edge research are high-priority targets because of the value of their information and the difficulty of securing them. This hack took place shortly after the United States decided to re-establish economic sanctions on Iran, implying a potential political motivation.
“This widespread spoofing of login pages to steal credentials reinforces the need for organizations to incorporate multi-factor authentication using secure protocols and implement complex password requirements on publicly accessible systems.” -SecureWorks
https://www.zdnet.com/article/iran-hackers-target-70-universities-in-14-countries/
https://www.express.co.uk/news/world/1017903/US-sanctions-Iran-hackers-nuclear-power-cybersecurity-donald-trump/
https://www.securityweek.com/iranian-hackers-target-universities-large-attack-campaign-secureworks
https://www.secureworks.com/blog/back-to-school-cobalt-dickens-targets-universities