From 7e329855b2e8815070269d72d9789ca4c71728fe Mon Sep 17 00:00:00 2001 From: StefanKelm Date: Thu, 2 May 2019 15:34:19 +0200 Subject: [PATCH] Update threat-actor.json Silent Librarian / COBALT DICKENS --- clusters/threat-actor.json | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index 7e79a6e6..b7227e98 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -6694,7 +6694,23 @@ }, "uuid": "ce7bba52-5ae8-44ea-9979-68502d832ab7", "value": "Sea Turtle" + }, + { + "description": "Last Friday, Deputy Attorney General Rod Rosenstein announced the indictment of nine Iranians who worked for an organization named the Mabna Institute. According to prosecutors, the defendants stole more than 31 terabytes of data from universities, companies, and government agencies around the world. The cost to the universities alone reportedly amounted to approximately $3.4 billion. The information stolen from these universities was used by the Islamic Revolutionary Guard Corps (IRGC) or sold for profit inside Iran. PhishLabs has been tracking this same threat group since late-2017, designating them Silent Librarian. Since discovery, we have been working with the FBI, ISAC partners, and other international law enforcement agencies to help understand and mitigate these attacks.", + "meta": { + "refs": [ + "https://info.phishlabs.com/blog/silent-librarian-more-to-the-story-of-the-iranian-mabna-institute-indictment", + "https://info.phishlabs.com/blog/silent-librarian-university-attacks-continue-unabated-in-days-following-indictment", + "https://www.justice.gov/usao-sdny/pr/nine-iranians-charged-conducting-massive-cyber-theft-campaign-behalf-islamic", + "https://www.secureworks.com/blog/back-to-school-cobalt-dickens-targets-universities" + ], + "synonyms": [ + "COBALT DICKENS" + ] + }, + "uuid": "5059b44d-2753-4977-b987-4922f09afe6b", + "value": "Silent Librarian" } ], - "version": 108 + "version": 109 }