The Iranian hacker group is targeting universities in 12 countries. The Iranian hacker group is targeting universities in 12 countries. The Silent Librarian campaign has re-emerged for the fall school session, ...
The Silent Librarian campaign has re-emerged for the fall school session, actively targeting students and faculty at universities via spear-phishing campaigns.
The threat group (also known as TA407 and Cobalt Dickens), which operates out of Iran, has been on the prowl since the start of the 2019 school year, launching low-volume, highly-targeted, socially engineered emails that eventually trick victims into handing over their login credentials. The goal is to harvest not just logins to sell online, but also proprietary university research and data, researchers said.
The emails typically masquerade as messages from university library systems or other on-campus divisions. Over the course of the last school year, the cyberattackers honed their efforts, and began using shortened URL links in their phishing emails, which make it more difficult to detect that victims are being redirected to an attacker-hosted landing page. The attackers also revamped their landing pages with new university-specific banners, based on weather alerts or emergency notifications, to make them look more authentic.
Now, this APT group is going back to school with a fresh campaign that seems to be targeting institutions globally, according to an analysis Tuesday from Malwarebytes. Targets stretch across a dozen countries and so far have included: The University of Adelaide in Australia; Glasgow Caledonian, University of Kent, University of York, King’s College London, Cambridge and others in the U.K.; the University of Toronto and McGill in Canada; and Stony Brook University, University of North Texas and others in the U.S.
The modus operandi seen last year remains in place, with Silent Librarian hosting a series of phishing sites that are built to mimic legitimate university domains. For instance, emails purporting to be from the University of Adelaide Library directed victims to a “library.adelaide.crev[dot]me” URL, which is very close to the legitimate “library.adelaide.edu.au” domain of the school.
“Many of these have been identified and taken down, [but] the threat actor has built enough of them to continue with a successful campaign against staff and students alike,” according to the analysis. “Clearly we only uncovered a small portion of this phishing operation. Although for the most part the sites are taken down quickly, the attacker has the advantage of being one step ahead and is going for many possible targets at once.”
Researchers are warning of an ongoing Office 365 credential-phishing attack that's targeting the hospitality industry – and using visual CAPTCHAs to avoid detection and appear legitimate. ... The multiple CAPTCHAs serve as backups, in case the first one gets defeated by automated systems, said researchers.
A pair of recent campaigns aim to lift credentials and other personal information under the guise of Amazon package-delivery notices.
CryptBB becomes more inclusive by inviting less experienced hackers to learn from expert cybercriminals and one another.
Trump’s weak Twitter password and lack of basic two-factor authentication protections made it shockingly simple to hack his account, Dutch security researcher Victor Gevers reported.
Top Web & Mobile Application Development Company in India & USA. We specialize in Golang, Ruby on Rails, Symfony, Laravel PHP, Python, Angular, Mobile Apps, Blockchain, & Chatbots