A hacking group linked to Iran may have targeted British universities as part of a campaign to steal student credentials, cyber security experts have said.
Researchers from the Secureworks Counter Threat Unit (CTU) said the group, called Colbalt Dickens, was “likely responsible” for an attack on 76 universities in 14 countries, including the UK.
The researchers found more than 300 spoofed websites and login pages for the different institutions, which would ask users to enter their usernames and passwords before re-directing them into the legitimate website.
Evidence was found to suggest the hackers were intending to gain access to the universities’ online library systems.
CTU said the targeting of online academic resources showed similarities to previous operations by Cobalt Dickens, where the group created lookalike domains and used credentials to steal intellectual property from specific resources, including library systems.
In March, nine Iranian nationals were charged by the US Department of Justice with cyber theft, and were accused of hacking into hundreds of university systems.
A spokesman for CTU said: “Universities are attractive targets for threat actors interested in obtaining intellectual property.
“In addition to being more difficult to secure than heavily regulated finance or healthcare organisations, universities are known to develop cutting-edge research and can attract global researchers and students.”
Most of the spoof domains were registered between May and August this year, with the most recent being created on August 19.
The universities targeted in the alleged attack have not been named, but some are reported to be among the Times Higher Education’s list of the UK’s top 50.