PhishLabs, a Charleston startup that specializes in phishing protection, shared with the FBI what it detected about a sophisticated Iranian-based hacking campaign that targeted academic research computers and led to the U.S. government levying indictments and sanctions. The value of the stolen data was pegged at $3.4 billion, and it is being called “one of the largest state-sponsored hacking campaigns ever prosecuted.”
“Silent Librarian” was PhishLabs’ name for its surveillance, as it had been tracking the breaches since late 2017. The firm found that in a span of five years more than 300 universities in 22 countries were targeted.
“Looking at the list of university targets, it is clear that they are not randomly selected. All of the universities targeted in the Silent Librarian campaigns are generally prominent research, technical or medical universities,” Crane Hassold, the Director of Threat Intelligence at PhishLabs, wrote in a company blog post that chronicled his company’s role in investigating and explaining the attacks.
Nine Iranians were indicted for selling the stolen data, which prosecutors say surpassed 31 terabytes. The accused are all linked to the Mabna Institute, a private company in Iran that the U.S. alleges conducts hacking for the Islamic Revolutionary Guard Corps.
While the indictment goes into detail about the highly crafted “spear phishing” campaigns on professors, PhishLabs said it tracked attacks on students and faculty to collect credentials for the victims’ university library accounts. PhishLabs said it has identified more than 750 phishing attacks attributed to Silent Librarian.
“The most notable thing about them was that they were incredibly realistic-looking,” said PhishLabs’ Hassold, who also is a former FBI analyst. “Their spelling and grammar was perfect. They were thematically relevant, naming the university in the lure.”
Thousands of victims took the bait and surrendered their account credentials. The attackers then had the access they needed to steal enormous collections of valuable academic research. A Post and Courier story notes that “To run through that much data, you’d need to watch Netflix nonstop for a year.”
Silent Librarian also went after non-academic institutions, such as Los Alamos National Laboratory, Memorial Sloan Kettering Cancer Center and Thomson Reuters.