Posted on October 31, 2018 at 3:11 PM
Some students in UK universities were sent phishing emails in order to gain access to their credentials. The attackers further created a similar website of the universities they targeted.
Iranian cybercriminals according to reports tried hacking into UK universities that offered government approved cybersecurity courses. The attack took months with the group targeting over 18 British universities. The report also indicated that these attacks included some renowned institutions including less popular universities, which has been certified by the National Cyber Security Centre (NCSC) to offer degrees in cybersecurity.
However, it is not clear if the universities at the center of these attacks were not included due to their affiliation with the NCSC. Nevertheless, NCSC half of the universities targeted had NCSC certification. There are rumors that the attack is related to a campaign held previously where dozens of universities were hacked with their research materials published on two Iranian websites.
Phishing for University Credentials
The attackers in trying to lure the students’ sent phishing emails to those with UK university logins in order to give up their passwords. Regrettably, certain students at the Lancaster University fell for the scheme and entered their credentials. Nevertheless, the University was swift to reset the password of those affected. Investigations were carried out to ascertain if the hackers have collected sensitive data.
The hackers further created fake websites that look similar to the universities sites they targeted. A fake website for Lancaster University and Warwick University were created in May and June respectively. However, those liable of attacking these universities took advantage of the internet “green padlock” system to lure victims into giving up their credentials by using padlock certificates gotten from the US Company “Let’s Encrypt”
Australian University hacked by Chinese Hackers
Recently, Australia’s top-ranked university had to spend months to deal with the threat to its computer systems, which experts said was compromised by Chinese hackers. Hackers breached the networks at the Australian National University, which was later traced to China. In a statement, the Australian National University informed the public of no research, student, or staff information was stolen by this latest threat. In a swift reaction, the government indicated that “nation states and criminal groups” were known to steal intellectual property while targeting universities. However, China wasn’t named as the instigator of the attacks. The government spokespersons in an email said the government is working closely with the university to find the underlying cause of the incident.
Previously, the Australian’s cybersecurity agency had blamed foreign intelligence service without proper investigation for a 2015 malware attack. Tim Wellsmore of FireEye Inc. said, “We don’t have information on this specific incident but organizations which conduct research with defense applications are regular targets of advanced cyber-attacks.”