In December, PhishLabs, a startup based in South Carolina, uncovered “one of the largest state-sponsored hacking campaigns ever prosecuted”, according to Justice Department officials.
Crane Hassold, the company’s director of threat intelligence, was just researching cyber attacks targeting universities when he saw the first traces of the Iranian Regime’s cyber attacks; dozens of web pages mimicking university websites.
He began to dig, getting information about who started the websites and finding more of these pages, and came to the conclusion that over 300 US universities had been targeted over the past five years. He then shared this information with the FBI.
The University professors would receive fake emails asking them to update their login information and once they had, the hackers would use that login to gain access to library materials.
Hassold believes that the hacks were designed to find proprietary research within the universities’ library systems, which was then shared with the Iranian Regime.
He said: “The phishing pages were all targeted specifically toward the libraries of the universities, so it was very unique and something I’d never seen before. If you looked at the list of universities, it’s certainly not like they were selected at random. They were selected for a reason.”
Others targeted in this cyber attack include the United Nations, two federal agencies, two states, and dozens of private businesses.
In a blog post released on Monday, Hassold said that the Iranian campaign was a sleek and large-scale example of a phishing scam.
The Department of Justice confirmed that this attack was carried out by hackers at the Mabna Institute, which they believe was specifically formed by Iran’s Revolutionary Guard (IRGC) to carry out the attack. The IRGC is a paramilitary group that is run solely by Supreme Leader Ali Khamenei.
Nine Iranians have been indicted by the Justice Department, which means that they will risk extradition if they leave Iran, but it is unlikely these hackers will ever face trial.
The Treasury Department has also issued sanctions against them and the Mabna Institute, which freeze their assets and prevent them from doing business with Americans.
Geoffrey Berman, U.S. Attorney for the Southern District of New York, said: “We have unmasked criminals who normally hide behind the ones and zeros of computer code. The only way they will see the outside world is through their computer screens, but stripped of their greatest asset — anonymity.”