A hacking group with links to Iran has targeted some of the UK’s leading universities in an attempt to steal unpublished research and obtain intellectual property.
Researchers from Secureworks Counter Threat Unit (CTU) discovered the scam and believe a group called ‘Cobalt Dickens’ is behind the attack, which targeted multiple universities across the world.
The researchers found more than 300 spoofed websites for 76 universities located in the UK and 13 other countries, including the US, Canada, Israel, China, Australia, Switzerland and Japan.
Victims have been prompted to enter their username and password into a fake login page, before being redirected through to the official university website where they are logged into a valid browsing session.
A number of the spoofed domains reference the university’s online library systems, indicating the attacker’s intention to access academic resources.
Most domains were tied to the same IP address and the vast majority were registered between May and August 2018.
The universities targeted in the attack have not yet been named, but some are reported to be among the Times Higher Education’s list of the UK’s top 50.
A spokesperson for CTU commented on the scam: “Universities are attractive targets for threat actors interested in obtaining intellectual property.
“In addition to being more difficult to secure than heavily regulated finance or healthcare organisations, universities are known to develop cutting-edge research and can attract global researchers and students.”
Spoofed websites are created to trick unsuspecting users into thinking they are on a legitimate site. Criminals will spend a lot of time making the site seem as credible as possible and many sites will appear almost indistinguishable from the real thing.
To determine if the site you are on is legitimate or a well-crafted fake you should:
MetaPhish has been designed to provide the first line of defence against phishing and ransomware attacks. Contact us for further information on how we can help protect your business from this growing threat.