IR · G0122

Silent Librarian

Also known as: COBALT DICKENS · Mabna Institute · TA407 · TA4900 · Yellow Nabu · Mabna Institute Group · Silent Librarian

Origin: IR
Known aliases: 7

Profile

Last Friday, Deputy Attorney General Rod Rosenstein announced the indictment of nine Iranians who worked for an organization named the Mabna Institute. According to prosecutors, the defendants stole more than 31 terabytes of data from universities, companies, and government agencies around the world. The cost to the universities alone reportedly amounted to approximately $3.4 billion. The information stolen from these universities was used by the Islamic Revolutionary Guard Corps (IRGC) or sold for profit inside Iran. PhishLabs has been tracking this same threat group since late 2017, designating them Silent Librarian. Since discovery, we have been working with the FBI, ISAC partners, and other international law enforcement agencies to help understand and mitigate these attacks.

MITRE ATT&CK Group crosswalk

G0122

References

  1. https://info.phishlabs.com/blog/silent-librarian-more-to-the-story-of-the-iranian-mabna-institute-indictment
  2. https://info.phishlabs.com/blog/silent-librarian-university-attacks-continue-unabated-in-days-following-indictment
  3. https://www.justice.gov/usao-sdny/pr/nine-iranians-charged-conducting-massive-cyber-theft-campaign-behalf-islamic
  4. https://www.justice.gov/opa/pr/nine-iranians-charged-conducting-massive-cyber-theft-campaign-behalf-islamic-revolutionary
  5. https://www.secureworks.com/blog/cobalt-dickens-goes-back-to-school-again
  6. https://www.secureworks.com/blog/back-to-school-cobalt-dickens-targets-universities
  7. https://www.proofpoint.com/us/threat-insight/post/seems-phishy-back-school-lures-target-university-students-and-staff
  8. https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta407-silent-librarian

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  - Actor: Silence group
  - Actor: Madi
  - Actor: Educated Manticore
  - Actor: [Unnamed group]
  - Actor: Ababil of Minab
  - Group: APT39

Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.