VERY IMPORTANT

In March 2018, the U.S. Department of Justice indicted the Mabna Institute and nine Iranian associates for compromising hundreds of universities to steal intellectual property and benefit financially. Secureworks® Counter Threat Unit™ (CTU) researchers assigned the name COBALT DICKENS to this likely Iranian government-directed threat group. Despite this indictment and other disclosures of COBALT DICKENS campaigns, the threat group (also known as Silent Librarian) shows no signs of stopping its activity as of this publication. CTU™ researchers have observed the threat actors using free online services as part of their operations, including free certificates, domains, and publicly available tools.