Iranian Hackers Charged Last March are Now Targeting Universities

Despite being charged by US authorities last March for cyber-attacks, Iran-based hackers Cobalt Dickens or Silent Librarian has continued its phishing operations. They have now been targeting universities and academic institutions around the world in a bid to steal intellectual property.

In these latest wave of attacks, the group allegedly stole information from a total of 76 universities located in 14 countries including the following:

  • United Kingdom
  • United States
  • Canada
  • China
  • Switzerland
  • Australia
  • Israel
  • Japan
  • Turkey

They have also targeted 47 US and foreign private sector companies, including the US Department of Labor and the United Nations.


The hack involved creating spoofed websites resembling that of the login pages for the said 76 universities. An estimated 16 domains contained over 300 spoofed websites including online libraries.

Targets are sent links to the fraudulent domains through phishing emails. Those who have fallen prey and filled in their credentials into the fake pages would have handed the group their login details. After “successfully” logging in, users are then sent onwards to the real service while this information is saved by the cyberattackers to gain access to legitimate systems.