Australian unis targeted by phishers

Up to 26 Australian universities fell target to a multibillion-dollar spear-phishing attack alleged to have been funded by the Iranian government.

The US Department of Justice has charged nine Iranians in association with the alleged theft of more than 31 terabytes of data from universities, companies and government agencies worldwide.

The Silent Librarian campaign reportedly cost universities alone a combined US$3.4 billion ($4.43 billion). The FBI alleges that the stolen information was then used by the Islamic Revolutionary Guard Corps (IRGC) or sold for profit inside Iran.

The nine individuals were allegedly leaders, contractors, associates, hackers for hire and affiliates of the Iran-based Mabna Institute.

Mabna Institute was the perpetrator of a phishing campaign targeting 320 universities across 22 countries, including 26 of Australia’s 43 universities.

Australia was in fact one of the main targets of the attacks, along with the US, Canada and the UK. Targets included all of the Group of Eight — the ANU, the University of Sydney, Monash University, University of NSW, University of Western Australia, University of Melbourne, University of Adelaide and Queensland University of Technology.

The suspects are alleged to have stolen login credentials of 8000 academics across these institutions and used the logins to steal research, academic journals, theses, dissertations and e-books.

According to Phish Labs, the method of attack involved tricking these academics into clicking a malicious link by thinking they need to reactivate expired library accounts.

The link redirected to a spoof login page designed to harvest usernames and passwords. The website, which included a valid SSL certificate, was then used to harvest the stolen data and on-sold through a website likely run by one of the accused.

This website also charged for access to individual stolen research, documents and journal articles.

Follow us and share on Twitter and Facebook