COBALT DICKENS

Threat Actor updated a month ago (2024-11-29T14:13:06.995Z)
Download STIX
Preview STIX
COBALT DICKENS is a notable threat actor group known for its malicious activities in the realm of cybersecurity. This group has been particularly active in hosting phishing websites, with significant operations noted in July and August 2019. CTU researchers discovered this large global phishing operation, which involved sending phishing messages containing links to COBALT DICKENS domains. To mimic legitimate sites, the group used publicly available tools such as the SingleFile plugin and the HTTrack Website Copier to copy the login pages of targeted resources, notably universities. The group's tactics include creating spoofed web pages that closely resemble the original ones, often using older copied versions of target websites. Metadata from these spoofed pages indicated that an Iran-based threat actor might be behind these operations. The lack of standardization in the naming conventions within the cybersecurity industry makes it challenging to definitively attribute these activities. However, the consistent targeting of certain entities, such as universities, suggests a persistent and organized threat actor at work. In response to the escalating threat posed by COBALT DICKENS, CTU researchers have compiled a list of all known domains associated with the group's operations to raise awareness and limit their activities. Despite these efforts, numerous organizations, including universities, have been repeatedly targeted by COBALT DICKENS, as seen in the campaigns of August 2018 and August 2019. This underlines the importance of continued vigilance and proactive measures to counter this persistent cyber threat.
Description last updated: 2024-05-04T23:44:01.842Z
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Source Document References
Information about the COBALT DICKENS Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more