Iranian hackers attacked more than 60 international universities to gain access to their library resources. The Cobalt Dickens group, which is linked to the Iranian government, conducted phishing operations in July and August targeting more than 60 universities in countries on four continents.
Security researchers say the group's hacking activity has affected at least 380 universities in more than 30 countries, and many targets have been attacked several times.
The latest phishing campaign targeted institutions in Australia, Hong Kong, the United States, Canada, the United Kingdom, and Switzerland. The hackers used at least 20 new domain names registered through the Freenom service.
The fake email that the Cobalt Dickens group sends to people with access to the target university's library urges the recipient to reactivate their account by following a deceptive link.
Researchers say that following the fake link leads to a web page that looks identical or similar to the library resource being impersonated. Once the victim enters their login data, it is stored in a file called pass.txt, and the web browser then loads the original university site.
To avoid arousing suspicion, the hackers often use valid TLS certificates for their websites. Most of the certificates observed in this campaign appear to be free ones issued by the nonprofit certificate authority Let's Encrypt.
Source: aitnews