The weakest link in security are humans. Iranian hackers launch credential-stealing phishing attacks against universities resulting in the theft of intellectual property and research data.
Universities in the US, UK and Australia are being targeted by the Colbalt Dickens hacking group who are linked to the Iranian government. It is speculated these attacks are in response to recent government sanctions and Iranian academic talent leaving for countries for collaborative academic research purposes.
The phishing emails look legitimate, and appear to come from online library services at the university. The email content claims the user’s account has been deactivated, and to reactivate, they follow a spoofed URL link and provide credentials. In addition to their phishing tactics, the group uses publicly available tools and code taken from GitHub instead of using malware. This tactic allows them to remain undetected by security software.
I have found that user education in the form of anti-phishing campaigns and enabling multi-factor authentication are crucial in combating phishing attacks.
Hi Andrew,
This is an interesting article. As an international student in Temple, I have received many phishing emails, and most of them are related to job offers. Temple did a very good job by sending us an email about any phishing emails we could receive. However, it is kind of late sometimes because the warning emails by ISSS were usually days after the phishing emails.