Photo: Scott Eells/Bloomberg
Researchers at Secureworks discovered a vast network of phishing sites designed to gain login credentials to universities that appear to be connected with the same Iranian group recently indicted by the U.S. Justice Department over stealing intellectual property and research.
Why it matters: Intellectual property and research are attractive targets for Iran, which has lost access to much of the U.S. and world markets due to sanctions.
The backdrop: In March, the U.S. indicted the Iranian Mabna Institute and nine Iranian individuals accused of hacking universities and companies as contractors of the Iranian government. Secureworks internally refers to that campaign as "Cobalt Dickens."
The new details: In researching a phishing site designed to steal usernames and passwords from one university, Secureworks found more than 300 phishing sites linked to 76 universities hosted on the same internet address.
- Those universities were located in 14 countries, including Australia, Canada, China, Israel, Japan, Switzerland, Turkey, the United Kingdom, and the United States.
- That network shared infrastructure with Cobalt Dickens, leading researchers to conclude it is likely connected to that group.
- Many of the newly discovered sites were registered between May and August.
- If the new sites are connected to Cobalt Dickens, it would appear Iran is undeterred by the earlier indictments.