Iranian Hackers Charged Last Week Were Actually Pretty Damn Good Phishers

Faybert

Jan 8, 2017
The group of Iranian hackers the US charged last week with hacking over 300 universities across the globe were actually master phishers astute at their craft, so much so that they used the same phishing lure for years without needing to change it.

This information was not included in the official indictment released last week but published yesterday in a report by PhishLabs, a company that detected and tracked the group, and later shared some of its findings with investigators.

Hackers used the same "library" angle for 4 years
PhishLabs says the Iranian group —known as the Mabna hackers— used the same phishing lure for four years, since at least February 2014.

Besides small spelling error corrections, the message remained the same until late last year, when PhishLabs stumbled over the group's existence.
....
....
Phishing lures barely changed because they were so successful
"Silent Librarian phishing campaigns [and] tactics have barely changed over time," Hassold says. "Outside the correction of a few minor spelling errors, the content of the phishing lures has remained incredibly consistent."

"The likely reason for this consistency is that the success rate of campaigns using these lures was high enough that there was no need for them to evolve," he added.

It's because of this level of attention to details that the attacks were so successful. The FBI said hackers breached 144 US universities and 176 universities in 21 foreign countries, from where they stole over 31.5 terabytes of academic data and intellectual property.
...
...
 
