Reportedly Iranian hackers have been targeting universities and educational institutions among 14 nations in an attempt to steal intellectual property. The SecureWorks Counter Threat Unit (CTU) announced on Friday that this attempt may be likely to work as it is as it is performed by Cobalt Dickens which is one of the most advanced persistent threat (APT) actors.
Iranian Government is Connected to Cobal Dickens
Cobalt Dickens was connected to the Iranian government which was discovered by the researchers. In March the group was indicted for conducting a series of attacks on universities and organisations on behalf of Islamic Republic of Iran’s Islamic Revolutionary Guard Corps (IRGC). The Institute of Mabna has been working with Cobalt Dickens who allegedly stole data from 76 universities over 21 nations and also 47 US and foreign private sectors companies which also include US Department of Labor and the UN.
More than 14 countries were affected…
In their latest series of attacks, over 76 universities in 14 nations have been affected including institutions in the UK, US, Canada, China and Switzerland. There is a total of 16 domains that have been used by the bad actors to host more than 300 spoofed websites which include university logins pages and online libraries.
The hackers have sent many spoofed links through phishing emails, if the victim falls for the messages and enters their login information they are redirected to the real service while the data is obtained by the malicious script.
“Numerous spoofed domains referenced the targeted universities’ online library systems, indicating the threat actors’ intent to gain access to these resources,” CTU says.
Most of the domains were bought between May and August 2018, the attacks are continuing as further registrations are being made.
Take your time to comment on this article.