Iranian APT set up a new campaign to target universities around the world when schools and universities went back. Threat actor known as Silent Librarian/TA407/COBALT DICKENS has been actively targeting universities via spear phishing campaigns since schools went back in August. The new campaign has been tracked by several security researchers on Twitter, notably Peter Kruse from the CSIS Security Group. It follows the same pattern in phishing domain registration pattern as previously reported, except that they swap the top level domain name for another.”]
Source: https://blog.malwarebytes.com/malwarebytes-news/2020/10/silent-librarian-apt-phishing-attack/

