Iranian hackers attack UK universities to steal secret research | Cyber Security
Hackers linked with the Iranian government are targeting universities and academic institutions around the world as part of a major campaign to steal unpublished research and obtain intellectual property, security researchers have revealed.
Cyber experts from IT firm Secureworks discovered the attacks, which they believe stem from the Cobalt Dickens group operating out of Iran.
The hackers targeted 76 universities located in 14 countries, including Australia, Canada, China, Israel, Japan, Switzerland, Turkey, the United Kingdom, and the United States
As the investigation is still ongoing into the hacking attacks, Secureworks has not shared the full list of universities. However, the firm told The Independent that targets include universities listed in the Times Higher Education Top 50..
The campaign involved creating fake websites that resembled the login pages for each university.
Anyone who accidentally filled in their account name and passwords to the spoofed login pages would have handed the group their login credentials.
After filling in their details, victims would be automatically redirected to the legitimate website, meaning they may have been unaware that they had fallen for the hack.
Iran protests – in pictures
1/11
University students at an anti-government protest inside Tehran University, 30 December 2017
AP
2/11
A university student at a protest inside Tehran University while a smoke grenade is thrown by anti-riot Iranian police, 30 December 2017
AP
3/11
University students at a protest inside Tehran University, 30 December 2017
AP
4/11
University students run away from the police during an anti-government protest inside Tehran University, 30 December 2017
AP
5/11
An image grab taken from a handout video released by Iran’s Mehr News agency reportedly shows a group of men pulling at a fence in a street in Tehran, 30 December 2017
AFP/Getty
6/11
Demonstrators gather to protest in Tehran, 30 December 2017
AP
7/11
Iranians chant slogans as they march in support of the government near the Imam Khomeini grand mosque in Tehran, 30 December 2017
AFP/Getty
8/11
Iranians chant slogans as they march in support of the government near the Imam Khomeini grand mosque in Tehran, December 30 2017
9/11
Iranian clerics take part during a state-organized rally against anti-government protests in the country, in the holy city of Qom, south west Iran, 3 January 2018
EPA
10/11
In this photo provided by the Iranian Students’ News Agency, a clergyman takes a picture of a pro-government demonstration in the southwestern city of Ahvaz, Iran, 3 January 2018
ISNA via AP
11/11
Pro-government demonstrators gather at the Massoumeh shrine in Iran’s holy city of Qom, some 130 kilometres south of Tehran, 3 January 2018
AFP/Getty
1/11
University students at an anti-government protest inside Tehran University, 30 December 2017
AP
2/11
A university student at a protest inside Tehran University while a smoke grenade is thrown by anti-riot Iranian police, 30 December 2017
AP
3/11
University students at a protest inside Tehran University, 30 December 2017
AP
4/11
University students run away from the police during an anti-government protest inside Tehran University, 30 December 2017
AP
5/11
An image grab taken from a handout video released by Iran’s Mehr News agency reportedly shows a group of men pulling at a fence in a street in Tehran, 30 December 2017
AFP/Getty
6/11
Demonstrators gather to protest in Tehran, 30 December 2017
AP
7/11
Iranians chant slogans as they march in support of the government near the Imam Khomeini grand mosque in Tehran, 30 December 2017
AFP/Getty
8/11
Iranians chant slogans as they march in support of the government near the Imam Khomeini grand mosque in Tehran, December 30 2017
9/11
Iranian clerics take part during a state-organized rally against anti-government protests in the country, in the holy city of Qom, south west Iran, 3 January 2018
EPA
10/11
In this photo provided by the Iranian Students’ News Agency, a clergyman takes a picture of a pro-government demonstration in the southwestern city of Ahvaz, Iran, 3 January 2018
ISNA via AP
11/11
Pro-government demonstrators gather at the Massoumeh shrine in Iran’s holy city of Qom, some 130 kilometres south of Tehran, 3 January 2018
AFP/Getty
Most of the domains for the fake websites were registered between May and August of this year, with the most recent registration on 19 August.
“The targeting of online academic resources is similar to previous cyber operations by COBALT DICKENS, a threat group associated with the Iranian government,” a spokesperson for Secureworks said.
“In those operations, which also shared infrastructure with the August attacks, the threat group created lookalike domains to phish targets and used credentials to steal intellectual property from specific resources, including library systems.”
Earlier this year, the US Justice Department charged nine Iranians for conducting a massive cyber theft campaign on behalf of the Iranian government.
The indictment alleged that the Iranians stole more than 31 terabytes of documents and data from more than 140 universities, 30 companies and five government agencies in the US.
“The hackers targeted innovations and intellectual property from our country’s greatest minds,” US Attorney Geoffrey Berman said at the time.
“These defendants are now fugitives from American justice, no longer free to travel outside Iran without risk of arrest. The only way they will see the outside world is through their computer screens, but stripped of their greatest asset – anonymity.”
It is unclear if these nine alleged hackers were involved in the latest attacks.