Cobalt Dickens, a threat actor associated with the Iranian government, ran a phishing operation in July and August that targeted more than 60 universities in countries on four continents. The group’s hacking activity affected at least 380 universities in more than 30 countries, many of the targets being hit multiple times. It used at least 20 new domain names registered using the Freenom service that offers free top-level domain names. Most of the certificates observed in this campaign are free, issued by the Let’s Encrypt non-profit certificate authority.
Source: https://www.bleepingcomputer.com/news/security/iranian-hackers-hit-over-60-universities-to-get-library-access/