HOTTEST
A researcher explores how entropy could be used to flag suspicious images and documents hiding malicious secrets. More
Hackers have gained access to the core infrastructure of LineageOS, a mobile operating system based on Android, used for smartphones, tablets, and set-top boxes. The intrusion took place last night, on Saturday, at around 8 pm (US Pacific coast), and was detected before the attackers could do any harm, the LineageOS team said in a […] More
Image: Getty Images/iStockphoto Over a hundred students, academics, industry professionals, political figures, and NGOs have signed a petition to void plans to replace Taiwan’s ID card with a new electronic version. Set to begin rolling out in October, the chipped card [PDF] would allow digital signatures, new anti-forgery capability, and other applications that could be […] More
A group of Iranian hackers with a history of attacking academic institutions have come back to life to launch a new series of phishing campaigns, security firm Malwarebytes said today.
The new attacks were timed to coincide with the start of the new academic years when both students and university staff were expected to be active on university portals.
The attacks consisted of emails sent to victims. Known as “phishing emails,” they contained links to a website posing as the university portal or an associated app, such as the university library.
The websites were hosted on sites with lookalike domains, but in reality, collected the victim’s login credentials.
Attacks linked to Silent Librarian group
Malwarebytes says the attacks were all orchestrated by the same group, known in cyber-security circles under its codename of Silent Librarian.
The members of this group were indicted in the US in March 2018 for a long string of attacks against universities from all over the globe, dating back as far as 2013.
According to the US indictments, the hackers gained access to university portals from where they stole intellectual property or limited-release academic work, which they later re-sold on their own web portals (Megapaper.ir and Gigapaper.ir).
However, despite the US indictment, the hackers remained at large in Iran and mounted subsequent attacks.
These attacks usually took place each fall, right before the new school year. Their 2018 campaign was documented in a Secureworks report, while Proofpoint spotted last year’s campaign.
Group is now hosting attack servers in Iran
But compared to the past attacks, the 2020 campaign is different.
Malwarebytes said this time around, Silent Librarian hosted some of its phishing sites on Iranian servers.
“It may seem odd for an attacker to use infrastructure in their own country, possibly pointing a finger at them. However, here it simply becomes another bulletproof hosting option based on the lack of cooperation between US or European law enforcement and local police in Iran,” the US security firm said.
Below is a list of universities the group targeted, along with the phishing sites they used, in case students and university staff may want to review any past emails.
Phishing site
Legitimate site
Target
library.adelaide.crev.me
library.adelaide.edu.au
The University of Adelaide Library
signon.adelaide.edu.au.itlib.me
library.adelaide.edu.au
The University of Adelaide Library
blackboard.gcal.crev.me
blackboard.gcal.ac.uk
Glasgow Caledonian University
blackboard.stonybrook.ernn.me
blackboard.stonybrook.edu
Stony Brook University
blackboard.stonybrook.nrni.me
blackboard.stonybrook.edu
Stony Brook University
namidp.services.uu.nl.itlib.me
namidp.services.uu.nl
Universiteit Utrecht
uu.blackboard.rres.me
uu.blackboard.com
Universiteit Utrecht
librarysso.vu.cvrr.me
librarysso.vu.edu.au
Victoria University
ole.bris.crir.me
ole.bris.ac.uk
University of Bristol
idpz.utorauth.utoronto.ca.itlf.cf
idpz.utorauth.utoronto.ca
University of Toronto
raven.cam.ac.uk.iftl.tk
raven.cam.ac.uk
University of Cambridge
login.ki.se.iftl.tk
login.ki.se
Karolinska Medical Institutet
shib.york.ac.uk.iftl.tk
shib.york.ac.uk
University of York
sso.id.kent.ac.uk.iftl.tk
sso.id.kent.ac.uk
University of Kent
idp3.it.gu.se.itlf.cf
idp3.it.gu.se
Göteborg universitet
login.proxy1.lib.uwo.ca.sftt.cf
login.proxy1.lib.uwo.ca
Western University Canada
login.libproxy.kcl.ac.uk.itlt.tk
kcl.ac.uk
King’s College London
idcheck2.qmul.ac.uk.sftt.cf
qmul.ac.uk
Queen Mary University of London
lms.latrobe.aroe.me
lms.latrobe.edu.au
Melbourne Victoria Australia
ntulearn.ntu.ninu.me
ntulearn.ntu.edu.sg
Nanyang Technological University
adfs.lincoln.ac.uk.itlib.me
adfs.lincoln.ac.uk
University of Lincoln
cas.thm.de.itlib.me
cas.thm.de
TH Mittelhessen University of Applied Sciences
libproxy.library.unt.edu.itlib.me
library.unt.edu
University of North Texas
shibboleth.mcgill.ca.iftl.tk
shibboleth.mcgill.ca
McGill University
vle.cam.ac.uk.canm.me
vle.cam.ac.uk
University of Cambridge MoreMicrosoft has announced the public preview of Microsoft Defender Advanced Threat Protection (ATP) antivirus for Linux, as ZDNet reported it would at some point in 2020. The new Defender Linux endpoint protection rounds out Microsoft Defender ATP on the desktop after Microsoft added support for macOS last year and changed its name from Windows Defender […] More
Internet of Things
Samsung Spotlights Next-generation IoT Innovations for Retailers at National Retail Federation’s BIG Show 2017
That’s Fantasy! The World’s First Stone Shines And Leads You to The Right Way
LG Pushes Smart Home Appliances To Another Dimension With ‘Deep Learning’ Technology
The Port of Hamburg Embarks on IoT: Air Quality Measurement with Sensors
