- I recommend the Pixel 9 to most people looking to upgrade - especially while it's $250 off
- Google's viral research assistant just got its own app - here's how it can help you
- Sony will give you a free 55-inch 4K TV right now - but this is the last day to qualify
- I've used virtually every Linux distro, but this one has a fresh perspective
- The 7 gadgets I never travel without (and why they make such a big difference)
Universities Attacked by Phishing Campaign
Universities and colleges around the world are being targeted by a new phishing campaign, according to fresh research published by RiskIQ.
Among the educational establishments to be hit by the Shadow Academy campaign are Louisiana State University (LSU) in the United States and Oxford, Brighton, and Wolverhampton Universities in the United Kingdom.
RiskIQ researchers got wind of Shadow Academy threat actors’ malicious activity at the beginning of July 2020, when it showed up on their internet intelligence graph.
By tracking the campaign from July to October 2020, researchers uncovered 20 unique targets in Australia, Afghanistan, the UK, and the USA.
According to researchers, the tactics, techniques, and procedures (TTPs) used across the campaign’s attack were “similar” to those deployed by the Mabna Institute, an Iranian company that, according to the FBI, was created for illegally gaining access “to non-Iranian scientific resources through computer intrusions.”
Researchers found that 63% of the universities were targeted with general access or student portal attacks, 37% were targeted with library-themed attacks, and 11% of the universities were hit with attacks themed around financial aid.
LSU, which suffered a student portal domain shadowing attack, was the first target identified by RiskIQ crawl data.
“Domain shadowing intercepts account traffic flowing to existing, registered, and otherwise trustworthy web domains,” wrote researchers.
“First, threat actors steal domain account credentials. They then register unauthorized subdomains to point traffic to malicious servers or, in this case, create phishing pages.”
Researchers discovered that Shadow Academy had hosted similar malicious infrastructure to orchestrate attacks against three other universities.
“RiskIQ’s internet intelligence graph helped unearth a new batch of compromised domains by keying in on the URL structure and date range of registration,” noted researchers.
“Subdomains created from these domains spanned multiple campaign themes, which focused primarily on credential harvesting and financial theft.”
The credential-harvesting URLs detected by researchers were mainly focused on services like Amazon, Instagram, and online banking.
Researchers believe the timing of the campaign’s launch was chosen to coincide with the July release of timelines for on-campus operations by many college campuses.
