The COBALT DICKENS threat group stayed busy over the summer by launching a new global phishing operation targeting universities.In July and August 2019, Secureworks’ Counter Threat Unit (CTU) researchers observed COBALT DICKENS using compromised university resources to send out library-themed phishing emails. These emails differed from those used in the Iranian threat group’s previous campaigns, as they did not employ shortened links. Instead, the messages contained spoofed URLs for a targeted university’s resources.
Phishing message containing a link to a spoofed domain circled in red. (Source: Secureworks)Overall, COBALT DICKENS registered over 20 new domains from Freenom, a domain provid ..