Security researchers discovered that an APT group known as “Silent Librarian” is actively targeting universities with spear phishing attacks.Malwarebytes learned in mid-September that Silent Librarian, also known as “TA407” and “COBALT DICKENS,” had launched a new attack campaign.In its analysis of the operation, the security firm found that the threat actor had registered convincing domains to mimic legitimate university websites around the world. These domains predominantly relied on the .ME top-level domain followed by .TK and .CF.Silent Librarian also used Cloudflare for most of its phishing hostnames, as uncovered by Malwarebytes, although the group did tie at least some of its infrastructure to hosts located in its home country of Iran.
Part of the phishing infrastructure showing connections with Iran. (Source: Malwarebytes)This isn’t the first time that Silent Librarian has targeted universities. In 2018 and 2019, Secureworks and Proofpoint uncovered attack campaigns in which the APT group targeted universities in over a dozen countries.News of those attacks arrived shortly after the Department of Justice indicted nine Iranians for attempting to steal information from universities and other organizations.The ongoing resilience of Silent Librarian highlights the threats confronting organizations in the education sector and the need for these entities to protect themselves against phishing attacks. PJ Norris, senior systems engineer at Tr ..
Support the originator by clicking the read the rest link below.
