Iranian Hackers Targeting Universities Worldwide

Researchers from SecureWorks Counter Threat Unit (CTU) have discovered an ongoing campaign that has been targeting universities and educational institutions across 14 countries including the United States, the United Kingdom, Canada, China, and Switzerland. SecureWorks believes that an Iranian-based advanced persistent threat (APT) group Cobalt Dickens is responsible for the attacks. Users are sent phishing emails containing links that lead to fraudulent domains. These domains are spoofed pages of university logins and online libraries. If a victim enters their username and password, the credentials are stolen, and the victim is redirected to the legitimate login page. The NJCCIC recommends users and administrators at universities and other educational institutes review the SecureWorks blog for more information on this campaign. Additionally, users are advised to be aware of tactics such as these and be sure to never click on links in emails to navigate to websites requiring the input of account credentials and, instead, manually type the website URL into your browser.