At least seven Australian universities have been attacked by cyber criminals in a global action targeting researchers.
The attack was discovered by Secureworks' Counter Threat Unit (CTU), which said it is similar to previous cyber operations by Cobalt Dickens, a threat group associated with the Iranian Government.
Secureworks, which is part of the Dell Technologies group, first found a URL spoofing a login page for one university.
Further research into the IP address hosting the spoofed page revealed a broader campaign created to steal credentials, specifically those of students and professors conducting research.
Sixteen domains contained more than 300 spoofed websites and login pages for 76 universities located in 14 countries, including Australia, Canada, China, Israel, Japan, Switzerland, Turkey, the United Kingdom, and the United States.
Users would be directed to the legitimate website after entering their credentials into the fake login page.
"Numerous spoofed domains referenced the targeted universities' online library systems, indicating the threat actors' intent to gain access to these resources," Secureworks stated in a blog post.
"CTU researchers were unable to confirm functionality of all identified spoofed pages because some of the domains were not accessible at the time of analysis.
"Many of the domains were registered between May and August 2018, with the most recent being registered on August 19. Domain registrations indicate the infrastructure to support this campaign was still being created when CTU researchers discovered the activity."
According to Secureworks, universities make attractive targets for those interested in accessing intellectual property.
"Universities are known to develop cutting-edge research and can attract global researchers and students," Secureworks explained.
According to the security specialist, universities are more difficult to secure than regulated services such as healthcare or financial institutions.
In July, Chinese hackers got inside the Australian National University (ANU) systems, the ABC reported.
The systems had been compromised in 2017, and the ANU said it had been working with intelligence agencies for months to minimise the impact of the threat.
"The university has been working in partnership with Australian government agencies for several months to minimise the impact of this threat, and we continue to seek and take advice from Australian government agencies," ANU told the ABC.
On 27 August, the Australian Competition and Consumer Commission (ACCC) revealed that Australian citizens have lost $4.4 million to scammers trying to gain access to their computers so far in 2018.
ACCC’s Scamwatch website has recorded a significant spike in remote access scams with more than 8,000 reports recorded in 2018.
According to the ACCC, there was a significant increase in scams impersonating well-known brands or the police in order to steal money or banking information.