Mabna Institute

The Mabna Institute, also known as TA407, Silent Librarian, and Cobalt Dickens, is a prominent threat actor primarily targeting universities and higher education institutions worldwide. The group executes low-volume, target-specific campaigns involving tens or hundreds of messages. Their tactics, techniques, and procedures are sophisticated and designed to steal intellectual property for financial gain. This Iran-based entity is believed to be affiliated with the Iranian government, adding a geopolitical dimension to its cyber operations. In March 2018, the U.S. Department of Justice indicted the Mabna Institute and nine Iranian nationals in relation to their malicious cyber activities. These activities, attributed to COBALT DICKENS, occurred between 2013 and 2017. The indictment accused them of compromising hundreds of universities to steal intellectual property, which benefited them financially. Mostafa Sadeghi, a prolific Iran-based computer hacker, was named in the indictment as an affiliate of the Mabna Institute, further highlighting the organized nature of these cyber attacks. Following this indictment, cybersecurity firm Secureworks provided additional details on the Mabna Institute's operations. Their research added context to the indictment, shedding light on the scale and impact of the institute's actions. Deputy Attorney General Rod Rosenstein publicly announced the indictment, raising awareness about the ongoing threat posed by the Mabna Institute. Despite the legal action taken against them, it remains crucial for organizations, especially educational institutions, to stay vigilant and maintain robust cybersecurity defenses.