Secureworks® Counter Threat Unit™ (CTU) researchers reported that despite indictments in March 2018, the Iranian threat group is likely responsible for a large-scale campaign that targeted university credentials using the same spoofing tactics as previous attacks.
In August 2018, members of university communities worldwide may have been providing access to more than just homework assignments.
Secureworks CTU discovered a URL spoofing a login page for a university. Further research into the IP address hosting the spoofed page revealed a broader campaign to steal credentials. Sixteen domains contained over 300 spoofed websites and login pages for 76 universities located in 14 countries, including Australia, Canada, China, Holland, Israel, Japan, Switzerland, Turkey, the United Kingdom, and the United States.
The attacks used the tried-and-true social engineering tactic of phishing emails and spoofed login pages. Again, this is a reminder that stepping your users through new-school security awareness training is not a nice-to-have... it's a must.
Full Story with list of spoofed domains here.
Now is a good time to review the 22 social engineering red flags to watch out for. It might be a good idea to print out this PDF and pass it along to family, friends, coworkers, students, etc. Remember to always think before you click!