Shortly after it was revealed that a number of think tanks in the UK that specialised in discussing issues pertaining to defence and international security were targeted by Chinese hackers, the National Cyber Security Centre said that the Mabna Institute based in Iran is targeting universities in the UK primarily for the purposes of intellectual property theft.
Nine employees at the Iran-based Mabna Institute have been indicted by the U.S. for carrying out a global hacking campaign targeting TV company HBO. Employees at the institute are also suspected to have carried out cyber attacks on several universities in the UK as well as in several other Western countries.
The UK’s intellectual property at risk
In a press release, the UK’s National Cyber Security Centre (NCSC) said that it “assesses with high confidence that the Mabna Institute are almost certainly responsible for a multi-year Computer Network Exploitation (CNE) campaign targeting universities in the UK, the US, as well as other Western nations, primarily for the purposes of intellectual property (IP) theft.”
“The UK Government judges that the Mabna Institute based in Iran was responsible for a hacking campaign targeting universities around the world. By stealing intellectual property from universities, these hackers attempted to make money and gain technological advantage at our expense,” said Lord Tariq Ahmad, the Foreign Office Minister for Cyber.
“We welcome the US indictments. It demonstrates our willingness and ability to respond collectively to cyber-attacks using all levers at our disposal. The focus on universities is a timely reminder that all organisations are potential targets and need to constantly strive for the best possible cyber security,” he added.
This isn’t the first time that hackers based abroad are targeting universities based in the UK or in the rest of Europe. Last year, a Freedom of Information request by The Times revealed that universities in the UK were targeted by as many as 1,152 phishing, DDoS, and ransomware attacks in 2016-17. The number of cyber-attacks on premier universities doubled in two years and also affected noted institutions like Oxford, Warwick and University College London.
“Universities drive forward a lot of the research and development in the UK. Intellectual property takes years of knowhow and costs a lot. If someone can get that very quickly, that’s good for them,” said Carsten Maple, director of cyber security at the University of Warwick to The Times.
Dr Anton Grashion, head of security practice at Cylance, told BBC that most universities have small security and staffing budgets which makes securing their network environments a challenging task in the face of an increase in security breaches.
According to research by Barracuda, 76% of all ransomware attacks on individuals and educational institutions were conducted using phishing emails. Recently, hackers impersonated the Student Loans Company on emails to extract personal details of hundreds of new and existing university students. Fortunately, the company as well as Action Fraud detected the scam on time and released advisories to students and the general public.
Rising profile of Iranian hackers
The NCSC’s statement adds to the mounting evidence on how state-sponsored hackers in Iran are using various hacking tools not only to steal sensitive data, but also to carry out round-the-clock surveillance on people and institutions in the West.
For example, the National Council of Resistance of Iran revealed in February how the elite Iranian Revolutionary Guard injected advanced spying tools into apps to carry out surveillance on millions of Iranians and people in Western countries.
“The dissemination of these apps outside of Iran will enable the IRGC to spy globally and at will. Some of these apps are also available on App Store, GitHub and Google Play despite reports and user reviews warning they contain spyware embedded by the Iranian regime’s app developers. The spread of these apps outside Iran will put Internet users across the world at significant risk, increasing the rate of malware infections,’ the group said.