A cyber threat actor known as “Silent Librarian” has targeted King’s College London along with many other universities globally via a method known as spear phishing.
Spear phishing is a scam which targets specific individuals or institutions by tricking users into thinking they are on trustworthy sites or using trustworthy links when they are actually exposing themselves to malware attacks and data breaches. The “Silent Librarian” group, alleged to be operating out of Iran, has set up fake websites, designed to appear identical to university websites but with the hidden ability to extract data from users. Students should be wary of any links or web addresses associated with KCL that look unfamiliar.
The cybersecurity company Malwarebytes announced that the new threat was reported to them in mid-September and say that the activities of the “Silent Librarian” group operate globally and are not limited to specific countries. The nine members of the hacking group were indicted by the US Department of Justice in 2018 for conducting attacks against universities with the goal of stealing research.
IT administrators at KCL and at other universities have an especially hard time protecting against such threats as the online behaviours of students and lecturers make them among the most difficult to protect. This comes at a time when KCL, as well as many other universities, are more and more reliant on cyberspace to conduct teaching and research. While KCL’s digital infrastructure was identified as one of only a few UK universities with the capacity for high-quality online teaching, this online capability clearly comes with associated risks.
Students await guidance on how to stay safe online as KCL have not yet commented on the “Silent Librarian” threat.