Malwarebytes issued a warning yesterday that Iranian hackers who have carried out a series of attacks on numerous universities plan to launch a new series of phishing campaigns. The new attacks are expected to take place at the beginning of the new academic year, when both students and university staff start using the university portals.
In their attacks, the Iranian hackers sent unsuspecting victims phishing emails with links to a site presented as a university portal or a related application, such as a university library. In this way the hackers deceived the victims and collected their login credentials.
According to Malwarebytes, the attacks were organized by the same group, known as "Silent Librarian". The members of this group were charged in the USA in March 2018 over a large number of attacks against universities around the world, dating back to 2013.
According to the US allegations, the Iranian hackers gained access to university portals, from where they stole intellectual property and academic projects, which they later sold on their own online portals, Megapaper.ir and Gigapaper.ir. However, the hackers remained free in Iran and continued to carry out attacks. Their attacks usually took place every autumn, just before the start of the new academic year.
Compared to previous attacks, the campaign carried out by the Iranian hackers this year is different. According to Malwarebytes, Silent Librarian hosted some of its phishing sites on Iranian servers, something it had never done before.
It may seem strange for an attacker to use infrastructure located in their own country. In this case, however, it is explained by the lack of cooperation between US or European police and the local police in Iran, the US security company said.
Among the universities targeted by Iranian hackers with phishing sites are the following:
- The University of Adelaide Library: library.adelaide.edu.au (legitimate site), library.adelaide.crev.me (phishing site)
- The Caledonian University of Glasgow: blackboard.gcal.ac.uk (legitimate site), blackboard.gcal.crev.me (phishing site)
- The New York State University in Stony Brook: blackboard.stonybrook.edu (legitimate site), blackboard.stonybrook.nrni.me (phishing site)
- The University of Utrecht: uu.blackboard.com (legitimate site), uu.blackboard.rres.me (phishing site)
- The University of Bristol: ole.bris.ac.uk (legitimate site), ole.bris.crir.me (phishing site)
- The University of Cambridge: raven.cam.ac.uk (legitimate site), raven.cam.ac.uk.iftl.tk (phishing site)
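
Every phishing hostname in the list above reuses the leading labels of the real portal's hostname under a different parent domain. The following detection sketch is an added example, not code from Malwarebytes or from the original article; it flags hostnames in mail or proxy logs that follow that pattern. The function names, the `min_shared` threshold and the URL paths in the sample are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Allowlist of real portal hostnames, taken from the list above.
LEGIT_PORTALS = [
    "library.adelaide.edu.au", "blackboard.gcal.ac.uk",
    "blackboard.stonybrook.edu", "uu.blackboard.com",
    "ole.bris.ac.uk", "raven.cam.ac.uk",
]

def shared_leading_labels(a, b):
    """Count how many labels two hostnames have in common, left to right."""
    n = 0
    for x, y in zip(a.split("."), b.split(".")):
        if x != y:
            break
        n += 1
    return n

def imitated_portal(host, legit=LEGIT_PORTALS, min_shared=2):
    """Return the allowlisted portal that `host` imitates, or None."""
    host = host.lower().rstrip(".")
    if host in legit:
        return None  # exact match with a real portal
    best = max(legit, key=lambda p: shared_leading_labels(host, p))
    return best if shared_leading_labels(host, best) >= min_shared else None

def scan(urls):
    """Map each suspicious hostname found in `urls` to the portal it imitates."""
    hits = {}
    for url in urls:
        host = urlsplit(url).hostname  # None for malformed or scheme-less input
        if host and (portal := imitated_portal(host)):
            hits[host] = portal
    return hits

# Constructed sample: URLs as they might appear in mail or proxy logs.
SAMPLE_URLS = [
    "https://raven.cam.ac.uk/login",          # real portal, not flagged
    "http://raven.cam.ac.uk.iftl.tk/login",   # whole real hostname reused
    "http://library.adelaide.crev.me/",       # leading labels reused
    "https://uu.blackboard.rres.me/login",
    "https://blackboard.example.org/",        # only one shared label
    "not a url",                              # malformed entry is skipped
]

if __name__ == "__main__":
    for host, portal in scan(SAMPLE_URLS).items():
        print(f"{host} imitates {portal}")
```

The check is a heuristic: it only covers portals that are on the allowlist, and it does not catch misspelled or homoglyph lookalikes.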