Security firm Malwarebytes released a report detailing an Iranian hacking campaign in which academic institutions have been targeted. The group, known as Silent Librarian, has historically gone after universities and school systems, however, has recently launched new campaigns with the same goal as previous years. The attacks coincide with the start of new academic years when it is expected that both students and university staff will be actively logging into university portals and emails.
The attacks begin with a simple phishing email posing as a notice from a known application, however, the links lead to malicious copies of sites such as a university library website. The lookalike domains collect login credentials from victims, allowing the threat actors to further compromise networks and devices. Several members of the Silent Librarian threat actor group were indicted in the US in 2018 for their roles in a long string of attacks on universities around the globe as early as 2013.
Read More: Iranian hackers restart attacks on universities as the new school year begins