The hackers pretended to be professors, appealing to Achilles’ heel of academics: their egos. Posing as admiring colleagues from other universities, they emailed their targets, claiming they had enjoyed their articles and wanted to read more of their work. The emails contained links to articles the “professors” claimed they could not access.
Once the actual professors clicked on these links, they were redirected to what seemed to be the login page for their universities, making it appear they had somehow inadvertently signed out. But the login page was fake. And once the professors entered their usernames and passwords, the information was captured by the hackers, who then had free rein over their accounts.
This wasn’t the work of run-of-the-mill cybercriminals. In March 2018, federal prosecutors in New York unsealed a shocking indictment: nine Iranians, prosecutors said, working on behalf of the Islamic Revolutionary Guard Corps (IRGC), had undertaken a “massive, coordinated” hacking campaign that targeted hundreds of universities across the globe, including 144 based in the United States, as well as private U.S. and European companies, U.S. federal agencies and state governments, and the United Nations.
From at least 2013, these IRGC-sponsored hackers tried to infiltrate about 50,000 academic email accounts in the United States, said prosecutors, and successfully compromised roughly 3,700 of them. The hackers allegedly stole $3.4 billion in intellectual property and academic data from U.S.-based universities alone in “one of the largest state-sponsored hacking campaigns ever prosecuted by the Department of Justice,” said Geoffrey Berman, the U.S. attorney for the Southern District of New York, at a press conference announcing the charges.
Many countries have military and intelligence agencies that operate abroad, but few are as far-reaching or prolific as the Revolutionary Guard, which has been involved in everything from conducting espionage campaigns in Europe and the Americas to supporting proxy forces in Lebanon, Iraq, Syria and Yemen.