Iranian hackers have reportedly entered networks at British universities to steal academic research documents which are now for sale on WhatsApp.

The Telegraph reported that some of the papers covered topics including nuclear development and computer encryption.

The documents are being sold on Farsi-language websites in addition to the WhatsApp messaging app. The price of papers varies, but they start at £2.

The intellectual property theft was initially reported last month by Secureworks researchers who discovered a URL spoofing a login page for a university, tricking people into giving them their usernames and passwords: the tip of what turned out to be a credential-stealing iceberg.

According to Sophos, 16 domains were uncovered containing over 300 spoofed websites and login pages for a global campaign targeting 76 universities located in 14 countries, including Australia, Canada, China, Israel, Japan, Switzerland, Turkey, the UK, and the US.

Secureworks tied the campaign to the Iranian government.

“In February, the US indicted nine Iranian nationals for alleged computer intrusion, wire fraud, and aggravated identity theft. The indictment alleged that the men were involved in a scheme to obtain unauthorized access to computer systems, steal proprietary data from those systems, and sell the stolen data to Iranian customers, including the Iranian government and Iranian universities.”

Dave Palmer, a former MI5 and GCHQ officer, told The Telegraph:

“Universities should be worrying about it.”


  1. I have no idea why we tell the world who is developing UK tech. Look at Magma, we’ve told the world that the University of Manchester is involved so anyone wanting to obtain data can target the University.

      • It’s not unique to the UK. When it’s in universities it’s academic research so who is working on what and where is in the public domain, in fact a researcher is to a large extent judged by the number of papers that they publish in academic journals, weighted for the prestige of the journals in which their papers appear, so simply subscribing to the appropriate journals is a good way to map the worldwide network of who’s doing what where.

        Academic departments worldwide are also very explicit and specific about their key staff’s particular areas of interest in order to recruit new researchers and as those researchers are recruited onto projects those researchers will also get their own publicly accessible web pages on their university department’s web site where they list what they are working on and give links to any papers that they have published.

        Presumably this illicit stuff is hacking into unpublished internal documents but in terms of knowing which university departments’ systems to try and hack into I’m afraid that universities all over the world give abundant clues as to who is doing what and that’s pretty difficult to avoid if you want to foster collaboration, peer review of results, recruit appropriately skilled researchers, etc.

        It is embarrassing if our universities have just been shown to be far more open to attack than other universities in the USA, the rest of Europe etc (and I wonder if that is really the case) but telling people who is doing what and where is not the issue, it’s how academia works everywhere.

        If it’s outside of academic research that is a different issue and there I would hope that company-internal and government-research-lab stuff is kept as covert as possible when appropriate but it seems to be academic research that they are talking about here.

  2. This p****s me off. It’s like giving away freebies to all who would take advantage of our tech and research.

    And to rub salt in they are selling it too!

