All of the universities targeted in the Silent Librarian campaigns are generally prominent research, technical, or medical universities. PhishLabs has been tracking this same threat group since late 2017, designating them Silent Librarian. Since discovery, we have been working with the FBI, ISAC partners, and other international law enforcement agencies to help understand and mitigate these attacks. Overall, the lures constructed by Silent Librarian are remarkably authentic-looking.
Spelling and grammar, two of the primary indicators of a malicious email, are nearly perfect.
For example, a recent campaign targeting an Australian university used the persona "Jonathon Dixon," while the persona identity "Shinsuke Hamada" was previously used in an email lure targeting a Japanese school. The group has used domains on other TLDs, though rather sparingly. The actors likely scrape the original HTML source code from the legitimate library login page, then edit the references to resources used to render the webpage (images, JavaScript, CSS, etc.) to point back to the original page, a common tactic among (right).
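A defender-side check for the cloning pattern described above, as an added example that is not from the original post: it flags a page that carries a password form posting to its own host while most of its rendering resources load from a login host the defender protects. The hostnames, the `protected_hosts` parameter and the 0.5 threshold are assumptions, and the sample HTML is constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tag -> attribute naming a resource the browser fetches to render the page.
RESOURCE_ATTRS = {"img": "src", "script": "src", "link": "href"}

class RefCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.resources, self.form_actions, self.has_password = [], [], False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in RESOURCE_ATTRS and a.get(RESOURCE_ATTRS[tag]):
            self.resources.append(a[RESOURCE_ATTRS[tag]])
        elif tag == "form":
            self.form_actions.append(a.get("action") or "")
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self.has_password = True

def clone_indicators(page_url, html, protected_hosts):
    """Flag a login page whose assets hotlink a protected (legitimate) host."""
    host = lambda ref: urlparse(urljoin(page_url, ref)).hostname
    page_host = urlparse(page_url).hostname
    p = RefCollector()
    p.feed(html)
    hosts = [host(r) for r in p.resources]
    offsite = [h for h in hosts if h and h != page_host]
    top = max(set(offsite), key=offsite.count) if offsite else None
    ratio = offsite.count(top) / len(hosts) if top else 0.0
    # The form still posts to the hosting site, so credentials stay with it.
    posts_local = any(host(act) == page_host for act in p.form_actions)
    suspicious = (p.has_password and posts_local
                  and top in protected_hosts and ratio >= 0.5)
    return {"asset_host": top, "offsite_ratio": ratio, "suspicious": suspicious}

# Constructed sample: a cloned login page served from a look-alike host.
SAMPLE_URL = "https://login.lookalike.example/portal/"
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="https://library.university.example/css/login.css">
<script src="https://library.university.example/js/login.js"></script>
</head><body><img src="https://library.university.example/img/crest.png">
<form action="submit.php" method="post">
<input type="text" name="user"><input type="password" name="pass">
</form></body></html>"""

if __name__ == "__main__":
    print(clone_indicators(SAMPLE_URL, SAMPLE_HTML, {"library.university.example"}))
```

Because the cloned page pulls its images, scripts and stylesheets from the original server, the same pattern is also visible in that server's access logs as static-asset requests whose Referer is an unfamiliar host.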