Introduction
Silent Librarian is a group that has targeted research and proprietary data at universities, government agencies, and private sector companies worldwide since at least 2013. Members of Silent Librarian are known to have been affiliated with the Iran-based Mabna Institute, which has conducted cyber intrusions at the behest of the government of Iran, specifically the Islamic Revolutionary Guard Corps (IRGC). [4][5][6]
Activities and Tactics
Country of Origin: 🇮🇷 Iran
Notable Campaigns
Information pending cataloguing.
Tactics, Techniques, and Procedures (TTPs)
- T1588.004 Digital Certificates
- T1594 Search Victim-Owned Websites
- T1114 Email Collection
- T1598.003 Spearphishing Link
- T1589.003 Employee Names
- T1114.003 Email Forwarding Rule
- T1585.002 Email Accounts
- T1589.002 Email Addresses
- T1608.005 Link Target
- T1110.003 Password Spraying
- T1583.001 Domains
- T1588.002 Tool
- T1078 Valid Accounts
Notable Indicators of Compromise (IOCs)
No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.
Malware and Tools
- CyberGate
- Cyber Eye RAT
Attribution and Evidence
Country of Origin: Iran. Additional attribution information pending cataloguing.
References
[1] mitre-attack
[4] DOJ Iran Indictments March 2018: DOJ. (2018, March 23). U.S. v. Rafatnejad et al. Retrieved February 3, 2021.
[5] Phish Labs Silent Librarian: Hassold, Crane. (2018, March 26). Silent Librarian: More to the Story of the Iranian Mabna Institute Indictment. Retrieved February 3, 2021.
[6] Malwarebytes Silent Librarian October 2020: Malwarebytes Threat Intelligence Team. (2020, October 14). Silent Librarian APT right on schedule for 20/21 academic year. Retrieved February 3, 2021.
[7] Proofpoint TA407 September 2019: Proofpoint Threat Insight Team. (2019, September 5). Threat Actor Profile: TA407, the Silent Librarian. Retrieved February 3, 2021.
[8] Secureworks COBALT DICKENS August 2018: Counter Threat Unit Research Team. (2018, August 24). Back to School: COBALT DICKENS Targets Universities. Retrieved February 3, 2021.
[9] Secureworks COBALT DICKENS September 2019: Counter Threat Unit Research Team. (2019, September 11). COBALT DICKENS Goes Back to School…Again. Retrieved February 3, 2021.