Silent Librarian
Also known as: TA407 · COBALT DICKENS
Overview
Silent Librarian is a group that has targeted research and proprietary data at universities, government agencies, and private sector companies worldwide since at least 2013. Members of Silent Librarian are known to have been affiliated with the Iran-based Mabna Institute, which has conducted cyber intrusions at the behest of the government of Iran, specifically the Islamic Revolutionary Guard Corps (IRGC).
TTPs — 13 techniques across 5 tactics
Reconnaissance
- T1589.002 Email Addresses
- T1589.003 Employee Names
- T1594 Search Victim-Owned Websites
- T1598.003 Spearphishing Link
Resource Development
- T1583.001 Domains
- T1585.002 Email Accounts
- T1588.002 Tool
- T1588.004 Digital Certificates
- T1608.005 Link Target
Stealth
- T1078 Valid Accounts
Credential Access
- T1110.003 Password Spraying
Collection
- T1114 Email Collection
- T1114.003 Email Forwarding Rule
Reporting (3)
- Silent Librarian APT right on schedule for 20/21 academic year — Malwarebytes Threat Intelligence Team
- COBALT DICKENS Goes Back to School…Again — Counter Threat Unit Research Team
- Threat Actor Profile: TA407, the Silent Librarian — Proofpoint Threat Insight Team