Nation-State Actor
Silent Librarian
Iran • Active since 2013
Silent Librarian hacks universities to steal research papers and intellectual property. They send fake library emails to professors and students to steal their passwords, then download massive amounts of academic research.
Overview
Silent Librarian is an Iranian threat group that targets universities and academic institutions to steal research and intellectual property. The group operates on behalf of the Mabna Institute.
Also Known As
TA407, Cobalt Dickens, Mabna Institute
Target Industries
Education, Research, Academic, Libraries, Think Tanks
Target Regions
United States, Europe, Australia, Global
Is your business exposed?
Tactics, Techniques & Procedures
- • Library-themed phishing
- • Credential harvesting
- • Research database access
- • Massive document theft
- • Academic targeting
Known Tools & Malware
Phishing kits, Credential harvesters, Custom web proxies
Notable Campaigns
University Research Theft (2013-present)
Ongoing campaign targeting 300+ universities across 22 countries.
DOJ Indictment Response (2018)
Continued operations despite US indictment of nine Iranian nationals.
MITRE ATT&CK Techniques
T1566.002, T1078, T1213, T1530, T1114
Defense Recommendations
- 1.
Deploy phishing-resistant MFA for university accounts
- 2.
Train academic staff on library phishing
- 3.
Monitor for unusual database access patterns
Related Threat Actors
Is your business exposed?
Check if your company data is circulating on the dark web
Free scan • No credit card required