The Secureworks CTU report found that, despite a March 2018 US Department of Justice indictment of nine Iranian nationals for conducting an earlier "massive cyber theft campaign" on behalf of the Islamic Revolutionary Guard Corps, the Cobalt Dickens group carries on regardless.
"In July and August 2019, CTU researchers discovered a new large global phishing operation. This operation is similar to the threat group's August 2018 campaign, using compromised university resources to send library-themed phishing emails," said the CTU report.
While previous campaigns obfuscated the attack infrastructure with URL link-shorteners, the current one uses spoofed library resource logins with no attempt to hide the URLs. As users grow more aware of phishing tactics and more wary of obfuscated links, this technique of lateral phishing is not too surprising.