According to a new report from RiskIQ, universities and colleges around the world have been the focus of a new phishing campaign.
The phishing campaign is called Shadow Academy and has targeted, among others, Louisiana State University (LSU) in the United States and the Universities of Oxford, Brighton and Wolverhampton in the United Kingdom.
RiskIQ researchers detected Shadow Academy's malicious activity in early July 2020.
Following the campaign from July to October 2020, researchers discovered 20 victims in Australia, Afghanistan, the United Kingdom and the USA.
According to the researchers, the tactics, techniques and procedures (TTPs) used during the campaign were "similar" to those developed by the Mabna Institute, an Iranian company which, according to the FBI, was created for illegal access to "non-Iranian scientific resources through computer intrusions".
According to the RiskIQ report, most universities (63%) were affected by attacks on student portals etc., while 37% were affected by attacks related to the institution's library. Finally, 11% were affected by attacks on student financial aid.
LSU, which suffered a domain shadowing attack, was the first target identified by RiskIQ.
In domain shadowing attacks, the criminals steal domain account credentials and then create subdomains to direct traffic to malicious servers or, in this case, create phishing pages. These subdomains are not easy to locate because they are very similar to known domains.
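A defensive check for the domain shadowing described above, added here as an example and not taken from the RiskIQ report: it compares DNS records observed for a zone against an approved host inventory and approved IP ranges, and flags unknown subdomains, noting which ones imitate a known host. The zone `example.edu`, the inventory, the records and the 0.8 similarity threshold are constructed assumptions.

```python
import ipaddress
from difflib import SequenceMatcher

# Constructed sample data; example.edu stands in for a university zone.
ZONE = "example.edu"
APPROVED_HOSTS = {"www.example.edu", "library.example.edu", "portal.example.edu"}
APPROVED_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]
OBSERVED_RECORDS = [  # (name, A record), e.g. from a zone export or passive DNS
    ("www.example.edu", "192.0.2.10"),
    ("Library.example.edu.", "192.0.2.20"),
    ("librarry.example.edu", "203.0.113.66"),
    ("aid-verify.example.edu", "203.0.113.66"),
    ("lab7.example.edu", "192.0.2.77"),
    ("www.example.org", "198.51.100.5"),
]


def label_of(name, zone):
    """Part of the host name left of the zone, e.g. 'library'."""
    return name[: -len(zone) - 1]


def closest_approved(name, zone, approved_hosts):
    """Approved host whose label is most similar to name's, with the ratio."""
    def score(host):
        return SequenceMatcher(None, label_of(name, zone), label_of(host, zone)).ratio()
    best = max(sorted(approved_hosts), key=score)
    return best, score(best)


def find_shadow_candidates(records, zone, approved_hosts, approved_networks):
    """Return un-inventoried names under zone, externally hosted ones first."""
    findings = []
    for raw_name, ip in records:
        name = raw_name.lower().rstrip(".")
        if not name.endswith("." + zone) or name in approved_hosts:
            continue  # outside our zone, or already in the inventory
        addr = ipaddress.ip_address(ip)
        best, ratio = closest_approved(name, zone, approved_hosts)
        findings.append({
            "name": name,
            "ip": ip,
            "external_ip": not any(addr in net for net in approved_networks),
            "resembles": best if ratio >= 0.8 else None,  # assumed threshold
        })
    return sorted(findings, key=lambda f: (not f["external_ip"], f["name"]))
```

An unknown name hosted inside the approved ranges (here `lab7`) is still reported, but sorted last, since it is more likely an inventory gap than a shadowed subdomain.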
The researchers found that Shadow Academy intended to carry out similar phishing attacks against three other universities.
RiskIQ has been able to identify many compromised domains.
Source: Infosecurity Magazine