Universities Attacked by Phishing Campaign

Universities and colleges around the world are being targeted by a new phishing campaign, according to fresh research published by RiskIQ.

Among the educational establishments to be hit by the Shadow Academy campaign are Louisiana State University (LSU) in the United States and Oxford, Brighton, and Wolverhampton Universities in the United Kingdom.

RiskIQ researchers got wind of Shadow Academy threat actors' malicious activity at the beginning of July 2020, when it showed up on their internet intelligence graph. 

By tracking the campaign from July to October 2020, researchers uncovered 20 unique targets in Australia, Afghanistan, the UK, and the USA.  

According to researchers, the tactics, techniques, and procedures (TTPs) used across the campaign's attack were "similar" to those deployed by the Mabna Institute, an Iranian company that, according to the FBI, was created for illegally gaining access "to non-Iranian scientific resources through computer intrusions." 

Researchers found that 63% of the universities were targeted with general access or student portal attacks, 37% were targeted with library-themed attacks, and 11% of the universities were hit with attacks themed around financial aid.

LSU, which suffered a student portal domain shadowing attack, was the first target identified by RiskIQ crawl data. 

"Domain shadowing intercepts account traffic flowing to existing, registered, and otherwise trustworthy web domains," wrote researchers. 

"First, threat actors steal domain account credentials. They then register unauthorized subdomains to point traffic to malicious servers or, in this case, create phishing pages."

Researchers discovered that Shadow A ..

Support the originator by clicking the read the rest link below.