Silent Librarian is targeting university students in full force with a revamped phishing campaign. The threat group, aiming to steal student login credentials, is using new tricks that bring more credibility to its phishing emails and helping it avoid detection.
The threat group (also known as TA407 and Cobalt Dickens), which operates out of Iran, has been on the prowl for credentials since the start of the 2019 school year in September, launching low-volume, highly-targeted, socially engineered emails that eventually trick students into handing over their login credentials.
But more recent campaigns show the cyberattackers using shortened URL links in their phishing emails, which make it more difficult to detect that victims are being redirected to an attacker-hosted landing page. The attackers have also revamped their landing pages with new university-specific banners, based on weather alerts or emergency notifications, to make them look more authentic.