Cyber criminals linked to the Iranian government are attempting to steal intellectual property from British universities, new research has revealed.
Researchers at Secureworks, a security vendor, found that the Cobalt Dickens threat group has spoofed 300 university websites and login pages in a bid to gain access to sensitive and valuable research. The hackers have run the campaign in 14 countries, including the US, Australia, Canada, China, Israel, Japan, Switzerland and Turkey.
A number of the spoofed domains refer to the universities’ online library systems, indicating that the hackers are attempting to collect passwords to access intellectual property (IP). In some cases, the spoofed login pages would redirect users to the legitimate page where they would be automatically logged in, minimising the chance they would realise they had been duped.
Cobalt Dickens has previously been caught stealing intellectual property. Secureworks’ researchers said universities are attractive sources of IP because they are “more difficult to secure than heavily regulated finance or healthcare organisations”.
“This widespread spoofing of login pages to steal credentials reinforces the need for organizations to incorporate multifactor authentication using secure protocols and implement complex password requirements on publicly accessible systems,” Secureworks’ research team wrote. “[We] recommend that clients implement training programs to educate users about security threats, including guidance for recognizing and reporting suspicious emails.”
Secureworks refused to disclose which UK institutions had been affected on the grounds that the investigation is ongoing.