SpoofedScholars: TA453 Targets Intelligence Interests Posing as British Scholars
- Actor Motivations: Espionage,Exfiltration
- Attack Vectors: Spear Phishing
- Attack Complexity: Low
- Threat Risk: Low Impact/High Probability
Threat Overview
Iranian-state aligned actor TA453 has been covertly targeting individuals of intelligence interest to the Iranian government by masquerading as British scholars from the University of London's School of Oriental and African Studies (SOAS). The threat actor, targeted Middle Eastern experts, senior professors, and journalists. TA453 compromised a legitimate academic website to deliver personalized credential harvesting pages.
Detected Targets
| Type | Description | Confidence |
|---|---|---|
| Case | SOAS University of London In order to covertly approach individuals, TA453 compromised the University of London's School of Oriental and African Studies website. University of London’s School of Oriental and African Studies (SOAS) is a public research university in London, England, and a member institution of the federal University of London. Founded in 1916, SOAS is located in the Bloomsbury area of central London. SOAS is one of the world's leading institutions for the study of Asia, Africa, and the Middle East. SOAS University of London has been targeted by TA453 with abusive purposes. | Verified |
| Sector | Journalists | Verified |
| Sector | Political | Verified |
| Sector | Researchers | Verified |
| Region | United Kingdom | Medium |
| Region | United States | Medium |
Extracted IOCs
- soasradio[.]org
- hannse.kendel4@gmail[.]com
- hanse.kendel4@gmail[.]com
- t.sinmazdemir32@gmail[.]com
- hxxps://soasradio[.]org/connect/?memberemailid=
Tip: 5 related IOCs (0 IP, 1 domain, 1 URL, 3 email, 0 file hash) to this threat have been found.