Threat Actors Target Academic Researchers in Phishing Schemes

Benjamin Wanger, Elana Weinblatt
BakerHostetler
Contact
LinkedIn
Facebook
X
Send
Embed

BakerHostetler

The FBI has announced that university aerospace researchers, both foreign and in the U.S., have become a target of a specific phishing scheme that is being conducted by threat actors. Specifically, researchers with access to key modeling and simulation software are being targeted. Threat actors are using legitimate names of U.S. researchers to create email accounts in an attempt to mislead the recipient of emails in order to gain access to computational fluid dynamics (CFD) modeling and simulation software, in addition to information used to test and develop hypersonic vehicles and other advanced aerospace technology. Researchers have reported the following software being targeted: US3D CFD, Kestrel, CHEM (a type of CFD) and LINK3D, among others. Of particular concern is export-controlled information, which if accessed without authorization could trigger regulatory reporting obligations.

Academic researchers and their partners should be particularly vigilant with email communications, given the prevalence of these types of phishing attempts. The FBI recommends individuals verify that received emails originate from the correct domain, be wary of threat actors’ social engineering attempts to impersonate people, look out for false claims that previous code files received to activate software were corrupted, and remain alert for emails requesting codes that do not align with the legitimate U.S. researchers’ interests or those that were developed by the researcher who is being impersonated. The FBI also recommends that researchers review email distribution lists related to CFD codes to ensure that all email addresses are legitimate. Suspicious software or code requests should be reported to the IT department of the university or company and to the local FBI field office.

Importantly, a university can have state-of-the-art security controls and strong cybersecurity policies and procedures and still find itself falling victim to this type of incident. This is because universities, like most companies and other organizations, are only as strong as their weakest link when it comes to cybersecurity. It only takes one person to fall victim to a phishing scheme – especially those that involve social engineering – to subject a university to months of having to respond to and satisfy legal notification obligations. Conducting regular phishing and cybersecurity training can help university employees remember to remain cautious about email correspondence amid their other responsibilities.

[View source.]

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© BakerHostetler | Attorney Advertising

Written by:

BakerHostetler
BakerHostetler
Contact
more
less

BakerHostetler on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide