Iran-linked state-sponsored threat actor ‘Silent Librarian’ has launched another phishing campaign targeting universities around the world.
Also tracked as TA407 and COBALT DICKENS, the adversary was previously observed launching similar attacks for two years in a row.
In 2018, the group set up fake login pages for 76 universities. In 2019, Silent Librarian targeted more than 60 universities in Australia, Canada, Hong Kong, Switzerland, the United States, and the United Kingdom.
Observed in mid-September, the new round of attacks revealed that the threat actor is expanding its target list to include more countries. One of the victims is the Nanyang Technological University in Singapore, cybersecurity researcher Peter Kruse says.