Iranian Threat Group Targets Universities
Iranian Threat Group Targets Universities: On the heels of Iran driving a disinformation campaign on Facebook, researchers have discovered a spoofed university login page which appears to be the part of a larger credentials theft campaign believed to be the work of COBALT DICKENS, a threat group associate with the Iranian government.
According to the Counter Threat Unit (CTU) research team at Secureworks, 16 domains contained more than 300 spoofed websites and 76 university login pages across the 14 countries, which do includes the Australia, Canada, China, Israel, Japan, Switzerland, Turkey, United Kingdom and the United States.
Unsuspecting victims who had entered their login details to the spoofed pages were then redirected. Once on legitimate website, users were either automatically logged into a valid session or they were asked to re-enter their details. “Numerous spoofed domains referenced the targeted universities’ online library systems, indicating the threat actors’ intent to gain access to these resources,” researcher wrote.
On the March 23rd 2018, Department of Justice just issued indictment charges against the nine Iranians alleged to be associated with Iran-based Company, Mabna Institute, which reportedly conducted the cyber-intrusion campaigns into the computer systems of universities around the globe between the 2013 and 2017.
“These nine Iranian nationals allegedly stole more than 31 terabytes of documents and data from more than 140 American universities, 30 American companies, five American government agencies, and also more than 176 universities in 21 foreign countries,” said Deputy Attorney General Rod Rosenstein.
Despite the indictments in March 2018, Iranians threat group is still targeting the global universities to compromise their sensitive credentials through the same procedure they used earlier spoofing tactics as previous attacks.
“Universities area attractive targets for threat actors interested in obtaining intellectual property. In addition to being more difficult to secure than heavily regulated finance or healthcare organizations, universities are known to develop cutting-edge research and can attract global researchers and students. CTU researchers have contacted various global partners to address this threat,” researcher wrote.