"Sixteen domains contained over 300 spoofed websites and login pages for 76 universities located in 14 countries, including Australia, Canada, China, Israel, Japan, Switzerland, Turkey, the United Kingdom and the United States," the release said.
The hacker group was especially active this month, despite a March 2018 indictment by the US Department of Justice of the Mabna Institute and nine Iranian nationals in connection with Cobalt Dickens activity occurring between 2013 and 2017, the release explained.
READ MORE: Norway Claims Iranian Hackers Target Research Top Brass
Secure Works explained that universities are attractive targets for threat actors interested in obtaining intellectual property. In addition to being more difficult to secure than heavily regulated finance or healthcare organizations, universities are known to develop cutting-edge research and can attract global researchers and students.
The bogus websites directed computer users to the official university web pages and then asked users to re-enter their login credentials, the release noted.