Silent Librarian University Attacks Continue Unabated in Days Following Indictment
(Apr 5, 2018)
Following the indictment of nine Iranian threat actors on March for stealing significant amounts of data from business, governments, and universities around the globe, Phish Labs researchers have discovered that the information-theft campaign is still ongoing. The group responsible for the campaign, dubbed “Silent Librarian,” have been observed to have conducted 18 phishing attacks targeting 14 universities located in Australia, Canada, France, the U.K., and the U.S. Researchers note that the phishing campaigns have specifically targeted universities and organizations with robust research departments with a focus on technology and medicine.
Recommendation: All employees should be educated on the risks of phishing, specifically, how to identify such attempts and whom to contact if a phishing attack is identified. Emails that request that the recipient follow a link or open an attachment can often be indicative of a phishing attack.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.