Report: “Library-Themed University Phishing Attack Expands to Massive Scale”
From ThreatPost:
Indicating a campaign of massive scale, at least 20 new phishing domains targeting more than 60 universities in Australia, Canada, Hong Kong, Switzerland, the United Kingdom and the United States have cropped up, bent on lifting credentials from students heading back to school.
The domains are associated with a group of Iranian cyberattackers collectively known as Cobalt Dickens or Silent Librarian. As Threatpost recently reported in a post on the group’s attack tactics, the attackers are looking to use fake, library-themed landing pages to steal students’ credentials, then use those to steal and resell intellectual property, move laterally within organizations, conduct internal phishing and more.
[Clip]
“Metadata in a spoofed login page created on August 1 suggests that Cobalt Dickens sometimes uses older copied versions of target websites,” said CTU researchers, in a posting on Wednesday. “A comment left in the source code indicates it was originally copied on May 1, 2017. However, the university was targeted by numerous Cobalt Dickens operations, including the August 2018 and August 2019 campaigns.”
Read the Complete Article
More From SecureWorks/CTU Posted Cited Above:
For this campaign, the threat actors registered at least 20 new domains targeting over 60 universities in Australia, the United States, the United Kingdom, Canada, Hong Kong, and Switzerland. These domains were registered using the Freenom domain provider, which administers the following free top-level domains (TLDs) unless the domain is considered “special“:
- .ml
- .ga
- .cf
- .gq
- .tk
Many of these domains use valid SSL certificates, likely to make the spoofed pages appear authentic. The overwhelming majority of the certificates observed in 2019 were issued by Let’s Encrypt, a nonprofit organization that programmatically issues free certificates. However, past campaigns used certificates issued by the Comodo certificate authority.
Read the Complete Article
More From Dark Reading: “Indictments Do Little to Stop Iranian Group from New Attacks on Universities”
Filed under: Associations and Organizations, Libraries, News
About Gary Price
Gary Price (gprice@gmail.com) is a librarian, writer, consultant, and frequent conference speaker based in the Washington D.C. metro area. He earned his MLIS degree from Wayne State University in Detroit. Price has won several awards including the SLA Innovations in Technology Award and Alumnus of the Year from the Wayne St. University Library and Information Science Program. From 2006-2009 he was Director of Online Information Services at Ask.com.