An Iranian APT group is targeting schools and universities with large spear phishing attacks.
According to researchers, the malicious campaign has been running for the last couple of years; however, there has been a surge in attacks from the group as students and staff members of schools and universities come back after the COVID-19 lockdown.
The Iranian APT group, also known as Silent Librarian, operates by registering top-level domains (TLDs) with names similar to those of schools and colleges. Some of the hacker-controlled sites were exact copies of authentic university pages and were being used to steal user credentials.
The group shares HTML links with users that direct them to hacker-controlled login pages. These portals incorporate stolen branding, accurate street addresses, and other social engineering techniques to manipulate users into disclosing login credentials.
Some of the universities used in this attack include:
Stony Brook University
The University of Bristol
University of Cambridge
The University of Toronto
Glasgow Caledonian University
The University of Adelaide Library
Iranian hackers have been developing and using better, more advanced techniques to steal from users. The APT group controls various campaigns that harass and target users around the world.
NPAV recommends that users always check the authenticity of a web page before providing their login credentials. These credentials can easily be stolen by hackers and used to breach your cyber security.
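The authenticity check recommended above can be automated for links that arrive by e-mail. The following is an added example, not code from NPAV or the researchers: the allowlist and every hostname in it are constructed placeholders under reserved TLDs, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): a real deployment lists the institution's own domains.
OFFICIAL_DOMAINS = {"university.example", "library.university.example"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one- or two-character typo domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_login_url(url: str) -> str:
    """Return 'official', 'lookalike' or 'unrelated' for the host in `url`."""
    # urlsplit().hostname drops any userinfo ("name@") and port, so only the
    # real destination host is compared.
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return "unrelated"
    for official in OFFICIAL_DOMAINS:
        # The official domain itself, or a genuine subdomain of it.
        if host == official or host.endswith("." + official):
            return "official"
    for official in OFFICIAL_DOMAINS:
        # Official name used as leading labels under another parent domain.
        if host.startswith(official + "."):
            return "lookalike"
        # Same name registered under a different TLD.
        if host.rsplit(".", 1)[0] == official.rsplit(".", 1)[0]:
            return "lookalike"
        # Near-miss spelling of the whole hostname.
        if edit_distance(host, official) <= 2:
            return "lookalike"
    return "unrelated"
```

A link classified as `lookalike` is worth blocking or reporting to the institution's security team, since it imitates a known login domain without belonging to it.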
Install NPAV on your devices to protect them from all kinds of cyber attacks. Use NPAV and join us on a mission to secure the cyber world.