On Friday, March 23, 2018, the United States Justice Department charged nine Iranians with the cyber theft of massive amounts of U.S. intellectual property.
Quoting from the Justice Department press release:
The defendants were each leaders, contractors, associates, hackers-for-hire or affiliates of the Mabna Institute, an Iran-based company that, since at least 2013, conducted a coordinated campaign of cyber intrusions into computer systems belonging to 144 U.S. universities, 176 universities across 21 foreign countries, 47 domestic and foreign private sector companies, the U.S. Department of Labor, the Federal Energy Regulatory Commission, the State of Hawaii, the State of Indiana, the United Nations, and the United Nations Children’s Fund.
So, how did they do it? The indictment provides the details of how the universities were compromised.
The secret of Iran’s success – an email that pretends to be something interesting from someone you trust. Using spearphishing, Iran was able, according to the Justice Department, able to steal approximately 31.5 terabytes of academic data and intellectual property.