Description
[Silent Librarian](https://attack.mitre.org/groups/G0122) is a group that has targeted research and proprietary data at universities, government agencies, and private sector companies worldwide since at least 2013. Members of [Silent Librarian](https://attack.mitre.org/groups/G0122) are known to have been affiliated with the Iran-based Mabna Institute, which has conducted cyber intrusions at the behest of the government of Iran, specifically the Islamic Revolutionary Guard Corps (IRGC). (Citation: DOJ Iran Indictments March 2018)(Citation: Phish Labs Silent Librarian)(Citation: Malwarebytes Silent Librarian October 2020)
Techniques Used (TTPs)
- T1588.004 — Digital Certificates (resource-development)
- T1594 — Search Victim-Owned Websites (reconnaissance)
- T1114 — Email Collection (collection)
- T1598.003 — Spearphishing Link (reconnaissance)
- T1589.003 — Employee Names (reconnaissance)
- T1114.003 — Email Forwarding Rule (collection)
- T1585.002 — Email Accounts (resource-development)
- T1589.002 — Email Addresses (reconnaissance)
- T1608.005 — Link Target (resource-development)
- T1110.003 — Password Spraying (credential-access)
- T1583.001 — Domains (resource-development)
- T1588.002 — Tool (resource-development)
- T1078 — Valid Accounts (defense-evasion, persistence, privilege-escalation, initial-access)
Total TTPs: 13