Iranian Hacker Group COBALT DICKENS Illegally Accessing Western University Libraries

U.S. cyber security company SecureWorks, a subsidiary of Dell Technologies, has issued a report claiming that a previously identified Iranian hacker group called COBALT DICKENS is likely behind numerous fake university websites that target legitimate users in order to provide the Iranian government access to university library holdings.

According to researchers at SecureWorks' Counter Threat Unit (CTU), hackers from COBALT DICKENS created fake university library login pages that would record legitimate users' login and password details. Once a user had entered his or her credentials, the fake site would redirect them to the actual university library login page, where the user – and the COBALT DICKENS hackers – would re-enter the credentials and enter the online library system and its contents.

SecureWorks CTU researchers claim that universities in Australia, Canada, China, Israel, Japan, Switzerland, Turkey, the United Kingdom, and the United States – among other countries – were targeted by COBALT DICKENS, with the most recent fake university library login page website created on 19 August 2018.

“Universities are attractive targets for threat actors interested in obtaining intellectual property. In addition to being more difficult to secure than heavily regulated finance or healthcare organizations, universities are known to develop cutting-edge research and can attract global researchers and students,” the report’s authors write.

According to SecureWorks, this is not the first time that COBALT DICKENS has been involved in this kind of activity.

“The targeting of online academic resources is similar to previous cyber operations by COBALT DICKENS, a threat group associated with the Iranian government. In those operations, which also shared infrastructure with the August attacks, the threat group created lookalike domains to phish targets and used credentials to steal intellectual property from specific resources, including library systems,” the CTU researchers write.
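Because the fake page hands victims on to the real library login page, and the lookalike domains are built to resemble the university's own, the real server's access log can show that hand-off as login-page requests whose Referer is an outside host. The following detection sketch is an added example, not code from SecureWorks or the article; the log format, login path, domain names and log lines are all constructed assumptions, and the Referer header can be missing, so an empty result does not clear the log.

```python
import re
from urllib.parse import urlsplit

# Assumptions, not from the article: Apache/nginx "combined" log format,
# a hypothetical login path and a hypothetical university domain.
LOGIN_PATH = "/login"
TRUSTED_DOMAIN = "university.example"

# Constructed sample lines (documentation IP ranges, invented hosts).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Mar/2024:09:00:01 +0000] "GET /login HTTP/1.1" 200 5120 "https://library.university.example/catalog" "Mozilla/5.0"
198.51.100.7 - - [01/Mar/2024:09:02:13 +0000] "GET /login HTTP/1.1" 200 5120 "https://library.university.example.signin.example.net/" "Mozilla/5.0"
203.0.113.5 - - [01/Mar/2024:09:02:40 +0000] "GET /login?next=/journals HTTP/1.1" 200 5120 "https://library.university.example.signin.example.net/" "Mozilla/5.0"
192.0.2.44 - - [01/Mar/2024:09:03:02 +0000] "GET /login HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.61 - - [01/Mar/2024:09:04:55 +0000] "GET /login HTTP/1.1" 200 5120 "https://search.example.org/?q=library" "Mozilla/5.0"
198.51.100.7 - - [01/Mar/2024:09:05:10 +0000] "POST /login HTTP/1.1" 302 0 "https://library.university.example/login" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)"'
)

def is_trusted(host):
    """True for the university domain itself and its real subdomains."""
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)

def external_login_referrers(log_text):
    """Group login-page GETs by untrusted Referer host.

    Returns [(host, embeds_university_name, sorted client IPs)], with hosts
    that embed the university's name (lookalike pattern) listed first.
    """
    clients = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "GET":
            continue
        if urlsplit(m["path"]).path != LOGIN_PATH:
            continue
        host = (urlsplit(m["referer"]).hostname or "").lower()
        if host and not is_trusted(host):
            clients.setdefault(host, set()).add(m["ip"])
    rows = [(h, TRUSTED_DOMAIN in h, sorted(ips)) for h, ips in clients.items()]
    return sorted(rows, key=lambda r: (not r[1], r[0]))

if __name__ == "__main__":
    for host, lookalike, ips in external_login_referrers(SAMPLE_LOG):
        print(f"{host}  lookalike={lookalike}  clients={ips}")
```

The client addresses listed for a lookalike host identify accounts whose passwords should be treated as exposed and reset.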

The activities of the COBALT DICKENS hackers have already been brought to the attention of the U.S. Department of Justice. In March of 2018 the U.S. government indicted an Iranian organisation called the Mabna Institute, and nine Iranian citizens believed to be a part of the COBALT DICKENS group, for phishing and other social engineering activities against U.S. targets between 2013 and 2017.

Despite exposure of COBALT DICKENS methods and the indictment by the U.S. government, CTU researchers note that this has not stopped the hacker group from using the same tactics and tools for targeting its latest round of victims.
