In addition to stressful exams, long lectures, and COVID-19 fears, university students must also be on the lookout for potential cyberattacks. As another school year begins, a group of Iranian hackers commonly known as Silent Librarian has re-emerged, cybersecurity firm Malwarebytes has confirmed. The cybercrime group targets universities from all over the world by sending phishing emails to staff members and students, who are always active on university portals this time of year.
Phishing scams are very popular among hackers. They attempt to trick victims by posing as legitimate entities like bank employees or other trustworthy services. In this particular case, the attackers send emails containing links to malicious websites that look similar to the university’s online portal or related apps. Once you log in from the bogus web page, the scammers will collect your login details to steal intellectual property work and other academic papers, then resell them on their own websites (Megapaper.ir and Gigapaper.ir).
The US indicted all group members in 2018 for a series of cyberattacks that dates back to at least 2013. Prosecutors accused the defendants of stealing 31 terabytes of data belonging to universities, companies, and government agencies worldwide. This resulted in an approximate $3.4 billion loss to the universities alone. The indictment also claimed that the attackers conducted these crimes on behalf of the Islamic Revolutionary Guard Corps (IRGC) and other Iranian government and university entities. The list of targets included 144 American universities, 176 foreign universities, and 47 domestic and foreign private sector companies. Silent Librarian targeted over 100,000 professors worldwide, successfully gathering the email accounts of around 8,000 of them.
According to Malwarebytes, the 2020 phishing campaign is different from its predecessors because the attackers are hosting some of their fake websites on Iranian servers. The American security firm revealed that it’s strange for cybercriminals to use local infrastructure because they might reveal their identities. However, “here it simply becomes another bulletproof hosting option based on the lack of cooperation between US or European law enforcement and local police in Iran.”
You can check out a list of university targets, along with the phishing website Silent Librarian used here.
Silent Librarian, aka Mabna Institute Background
The US indictment claims that Gholamreza Rafatnejad and Ehsan Mohammadi founded Mabna Institute around 2013. The organization’s aim is aiding universities and scientific and research entities in Iran to illegally access international scientific resources. As a result, group members hired hackers and other personnel to launch cyberattacks and steal academic information, intellectual property, email inboxes, and other related data.
The other charged Silent Librarian participants included Abdollah Karima, Mostafa Sadeghi, Seyed Ali Mirkarimi, Mohammed Reza Sabahi, Roozbeh Sabahi, Abuzar Gohari Moqadam, and Sajjad Tahmasebi. They worked on the behalf of Iranian governmental and private entities like the IRGC.
Cyberattacks are growing in number each year, more so during the COVID-19 pandemic. Therefore, users need to remain vigilant and do their best not to fall victim to cybercrime. TheVPN.Guru offers the latest security and privacy tips, as well as reviews of anonymity tools like VPNs.