Iranian hackers attack UK universities to steal secret research

Targeting of online academic resources is similar to previous cyber operations by Iran-based group Cobalt Dickens

Anthony Cuthbertson
Friday 24 August 2018 16:27 BST
Iran-based hackers targeted 76 universities located in 14 countries, including Australia, Canada, China, Israel, Japan, Switzerland, Turkey, the United Kingdom, and the United States (Getty Images/iStockphoto)

Hackers linked with the Iranian government are targeting universities and academic institutions around the world as part of a major campaign to steal unpublished research and obtain intellectual property, security researchers have revealed.

Cyber experts from IT firm Secureworks discovered the attacks, which they believe stem from the Cobalt Dickens group operating out of Iran.

The hackers targeted 76 universities located in 14 countries, including Australia, Canada, China, Israel, Japan, Switzerland, Turkey, the United Kingdom, and the United States.

As the investigation into the hacking attacks is still ongoing, Secureworks has not shared the full list of universities. However, the firm told The Independent that targets include universities listed in the Times Higher Education Top 50.

Countries with targeted universities. The darker the color, the higher the number of affected universities (Secureworks)

The campaign involved creating fake websites that resembled the login pages for each university.

Anyone who accidentally filled in their account name and passwords to the spoofed login pages would have handed the group their login credentials.

After filling in their details, victims would be automatically redirected to the legitimate website, meaning they may have been unaware that they had fallen for the hack.

Most of the domains for the fake websites were registered between May and August of this year, with the most recent registration on 19 August.
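For defenders, the redirect described above can leave a trace: when the browser is sent on to the genuine login page, its request may carry a Referer header naming the spoofed site. The sketch below is an added example, not from Secureworks or the original article; the host names, login path and log lines are constructed, and it assumes the phishing page does not suppress the Referer.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumptions (hypothetical names): the real login host, its path, owned domains.
LEGIT_HOST = "login.university.example"
LOGIN_PATH = "/login"
OWNED_SUFFIXES = ("university.example",)
THRESHOLD = 0.8  # similarity at which a foreign referrer counts as a lookalike

# Constructed access-log lines in the Apache/nginx "combined" format.
SAMPLE_LOG = """\
198.51.100.7 - - [20/Aug/2018:09:14:02 +0000] "GET /login HTTP/1.1" 200 5120 "https://www.university.example/library" "Mozilla/5.0"
203.0.113.24 - - [20/Aug/2018:09:15:40 +0000] "GET /login HTTP/1.1" 200 5120 "http://login.university.example.portal-auth.test/signin" "Mozilla/5.0"
203.0.113.51 - - [20/Aug/2018:09:17:11 +0000] "GET /login?next=/lib HTTP/1.1" 200 5120 "http://login.univers1ty.example/" "Mozilla/5.0"
192.0.2.9 - - [20/Aug/2018:09:18:30 +0000] "GET /login HTTP/1.1" 200 5120 "https://www.example.org/search" "Mozilla/5.0"
192.0.2.10 - - [20/Aug/2018:09:19:02 +0000] "GET /login HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} \S+ "([^"]*)" "[^"]*"$')

def is_owned(host):
    """True if the host is one of ours or a subdomain of one of ours."""
    return any(host == s or host.endswith("." + s) for s in OWNED_SUFFIXES)

def lookalike_score(host):
    """1.0 if the real host name is embedded in a foreign host, else string similarity."""
    if LEGIT_HOST in host:
        return 1.0
    return SequenceMatcher(None, host, LEGIT_HOST).ratio()

def suspicious_referrals(log_text):
    """Return (client_ip, referrer_host, score) for login hits referred by lookalike hosts."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, path, referer = m.groups()
        host = (urlsplit(referer).hostname or "").lower()
        if path.split("?")[0] != LOGIN_PATH or not host or is_owned(host):
            continue
        score = round(lookalike_score(host), 2)
        if score >= THRESHOLD:
            hits.append((ip, host, score))
    return hits

if __name__ == "__main__":
    for hit in suspicious_referrals(SAMPLE_LOG):
        print(hit)
```

A missing or unrelated Referer proves nothing either way, so hits from this check are leads for resetting the affected accounts' passwords rather than a complete list of victims.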

"The targeting of online academic resources is similar to previous cyber operations by COBALT DICKENS, a threat group associated with the Iranian government," a spokesperson for Secureworks said.

"In those operations, which also shared infrastructure with the August attacks, the threat group created lookalike domains to phish targets and used credentials to steal intellectual property from specific resources, including library systems."

Earlier this year, the US Justice Department charged nine Iranians with conducting a massive cyber theft campaign on behalf of the Iranian government.

The indictment alleged that the Iranians stole more than 31 terabytes of documents and data from more than 140 universities, 30 companies and five government agencies in the US.

"The hackers targeted innovations and intellectual property from our country’s greatest minds," US Attorney Geoffrey Berman said at the time.

"These defendants are now fugitives from American justice, no longer free to travel outside Iran without risk of arrest. The only way they will see the outside world is through their computer screens, but stripped of their greatest asset – anonymity."

It is unclear if these nine alleged hackers were involved in the latest attacks.
