Iranian APT group hits schools, universities in global spear phishing attacks


The APT group known as Silent Librarian has increased its spear phishing attacks as schools and universities are back in session.


The IT security researchers at Malwarebytes and Peter Kruse from the CSIS Security Group have reported on an Iranian APT (advanced persistent threat) group also known as Silent Librarian, TA407, and COBALT DICKENS that has been targeting schools and universities around the world with spear phishing attacks.


According to researchers, the malicious campaign has been up and running for the last couple of years; however, there has been a surge in attacks from the group as students and staff members of schools and universities return after the COVID-19-related lockdown.


It is worth noting that in March 2018, the US Department of Justice indicted nine Iranian citizens for targeting universities to steal sensitive research records. Since then, the group has gone global and its activities continue to date.




Silent Librarian operates by registering top-level domains (TLDs) with names similar to those of schools and colleges. A look at some of the sites operated by the group shows that many of them had their login pages cloned from the original university sites to trick users into giving away their login credentials.
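
As a defender-side illustration of the lookalike-domain pattern described above, the following added example (not from the article or the researchers) triages links found in mail against an allowlist of an institution's real domains. The domain names, function names and the typo threshold are assumptions constructed for the demonstration.

```python
from urllib.parse import urlsplit

# Constructed allowlist: registrable domains the institution really uses.
LEGIT_DOMAINS = {"riverton-univ.example"}

def edit_distance(a, b):
    """Levenshtein distance using two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_host(host, legit=LEGIT_DOMAINS, max_typos=2):
    """Return 'legitimate', 'embedded-brand', 'typo-lookalike' or 'unrelated'."""
    host = host.lower().rstrip(".")
    # The real domain and its subdomains are never flagged.
    if any(host == d or host.endswith("." + d) for d in legit):
        return "legitimate"
    labels = host.split(".")
    for domain in legit:
        brand = domain.split(".")[0]  # institution label, e.g. "riverton-univ"
        # The institution's label reused as a label under someone else's domain.
        if brand in labels:
            return "embedded-brand"
        # Near-miss spelling; skipped for short brands to limit false positives.
        if len(brand) >= 6 and any(
            0 < edit_distance(label, brand) <= max_typos for label in labels
        ):
            return "typo-lookalike"
    return "unrelated"

def triage_links(urls):
    """Map each suspicious URL to the reason it was flagged."""
    flagged = {}
    for url in urls:
        verdict = classify_host(urlsplit(url).hostname or "")
        if verdict in ("embedded-brand", "typo-lookalike"):
            flagged[url] = verdict
    return flagged

# Constructed sample links, as they might be extracted from inbound mail.
SAMPLE_URLS = [
    "https://login.riverton-univ.example/cas",
    "https://library.riverton-univ.auth.test/login",
    "https://rivertom-univ.test/sso",
    "https://news.invalid/story",
]
```

The check does not handle internationalized (punycode) hostnames or brands split across several labels, so it belongs alongside, not instead of, URL reputation and login-page monitoring.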


The group distributes messages that contain links or HTML attachments that direct victims to cloned university login portals. These portals incorporate stolen branding, accurate street addresses, and oth ..
