An Iranian-linked hacking group, dubbed Cobalt Dickens, has launched a global phishing campaign targeting universities around the world, researchers say.
The group campaign was initially discovered last year by researchers at Secureworks. According to the security firm, the campaign targeted universities in countries, including the United States and the United Kingdom.
In a statement, Allison Wikoff, senior security researcher at Secureworks, said:
“This campaign is aimed at accessing academic research that can be applied for economic and other benefits, and is a direct response to sanctions and an exodus of academic talent from Iran to countries where they are able to participate in and benefit from open and collaborative academic research.”
Even worse, although the US government indicted nine members from the group last year, the threat actors continue to target universities. In fact, according to Secureworks, the group has used some of the same domains in their new phishing campaign that were used before the indictment.
Wikoff believes that the group’s refusal to change tactics suggests that they’ve been effective in achieving their objectives.
In addition to targeting the US and the UK, Cobalt Dickens has also targeted universities in Australia, Canada, Hong Kong, and Switzerland.
Like previous attacks, this new campaign targets students, faculty, and staff with phishing emails claiming that the victims needed to reactivate their account by clicking a link. Once clicked, victims were redirected to a spoofed login page, that looked legitimate, where their passwords were stolen.
“As of September 2019, it’s thought that Iranian hackers have targeted at least 380 universities in over 30 countries – with some targeted multiple times – and it’s believed the attacks targeting faculty and students will continue.”