Iranian Hackers Hit Home at the University of Oregon

School originally said the attack 'missed' the UO

BlogNews by Camilla MortensenPosted on

Back in March when the news of Iranian hackers had hit more than 300 universities located in the U.S. and abroad in a cyber attack, the University of Oregon issued a statement saying the “spear phishing” attack had missed the UO. However, the school’s Daily Emerald newspaper recently dug up information showing that in fact the usernames and passwords of 62 UO professors were stolen between 2014 and 2017.

Spear phishing is a more targeted form of phishing in which hackers are trying to steal data or install malware.

After the cyberattacks were announced nationally, the UO issued a statement on its “Around the O” website that “UO’s Information Security Office has found no effect on Oregon faculty.”

But Michael Tobin, an Emerald reporter who is also a Eugene Weekly intern, writes that the Emerald obtained Department of Justice documents and a grand jury subpoena showing that UO faculty were phished in the hack. A letter to the UO states, “professor accounts at your institution and other universities have been targeted” by the spear phishing campaign. The names of the specific professors who were spear phished are redacted in the letter.

According to a news release from the FBI, “The hackers were affiliated with the Mabna Institute, an Iran-based company created in 2013 for the express purpose of illegally gaining access to non-Iranian scientific resources through computer intrusions. Members of the institute were contracted by the Islamic Revolutionary Guard Corps — one of several entities within the Iranian government responsible for gathering intelligence — as well as other Iranian government clients.”

The hackers “did not seek any UO specific data or research,” the Emerald story says. Rather, the the hackers “were looking to use login credentials to access academic journals that UO faculty members have subscriptions to.”

In response to the Emerald, UO spokeswoman Molly Blancett writes in an email that “We have no indication based upon internal forensics that any UO data was stolen,” and that “the FBI confirmed that they had no indication in their investigation that UO data was a Mabna target.”

The FBI issued indictments and sanctions against the hacker network.

You can read the full story here.