London university targeted by Iranian hackers
A cybersecurity company has accused Iranian hackers of impersonating academics at London’s School of Oriental and African Studies (SOAS) to target Middle East experts.
Proofpoint said the intrusions were launched by the Charming Kitten group, which is also known as Phosphorus and APT35.
The outfit is believed to regularly conduct hacking attempts for the Islamic Revolutionary Guard Corps, Iran’s asymmetric warfare force.
Lindy Cameron, CEO of the National Cyber Security Centre (NCSC), recently warned that Tehran is seeking to use cyber strategies to “sabotage and steal” from UK institutions.
NCSC reports have detailed the specific risk from Iranian cyberespionage on UK universities. Its warnings were highlighted following Tehran’s efforts in 2018 to gather personal details from university staff by duping them with phony websites.
The NCSC said it is aware of this latest attack by the Iranian
The operation proved that state-sponsored hackers “are really back in the seat,” said Sherrod DeGrippo, Proofpoint’s senior director of threat research.
outfit. The attack saw hackers impersonating SOAS academics in fake emails, asking professors, journalists and other Middle East experts to attend conferences and discussions.
After conversing and gaining their trust, the Iranian hacking group sent the experts to a spoof web page that they had added to an independent radio station based at SOAS. The page invited the experts to submit their personal details, including a password, to access the fake events.
Details harvested by the cyber operation were then used to access other sites, such as the experts’ email accounts.
Proofpoint said the Iranian group may have also used mobile numbers gathered at the site to infect phones with malware.
It said it knew of around a dozen experts who were targeted, most of them based in Britain and the US.