Security News > 2020 > October > Iran-Linked 'Silent Librarian' Back at Phishing Universities
Iran-linked state-sponsored threat actor 'Silent Librarian' has launched another phishing campaign targeting universities around the world.
Silent Librarian, Malwarebytes' security researchers reveal, has sent spear-phishing emails to both staff and students at the targeted universities, and the threat actor was observed setting up new infrastructure to counter efforts to take down its domains.
Considering Silent Librarian's use of similar domains to target universities in the past, Malwarebytes researchers are confident the new domains were registered by the same group.
While the use of infrastructure located in the attacker's own country might seem surprising, the researchers explain that it only shows that the adversary can leverage yet another bulletproof hosting option, the result of a lack of cooperation between US and European law enforcement and local police in Iran.
"Clearly we only uncovered a small portion of this phishing operation. Although for the most part the sites are taken down quickly, the attacker has the advantage of being one step ahead and is going for many possible targets at once," Malwarebytes concludes.