A recent phishing campaign targeted the University of Padua, where malicious actors stole clear-text email and password credentials from students and staff using two fraudulent domains. The campaign affected over 190 accounts, prompting immediate steps to deactivate the fake pages and disseminate indicators of compromise (IoCs) to accredited public administrations. Affected: University of Padua, Students, Staff
Keypoints :
- A phishing campaign targeted the University of Padua.
- Malicious actors used fraudulent domains to create fake login pages.
- Over 190 accounts had their credentials stolen.
- The University was promptly informed and actions were taken to deactivate the malicious pages.
- IoCs were disseminated to all accredited public administrations connected to CERT-AGID.
- Phishing campaigns can compromise sensitive data and facilitate further attacks.
- Recommendations were made to users to verify the authenticity of communications.
MITRE Techniques :
- Phishing (T1566): Malicious actors crafted emails and fake login pages to steal credentials.
- Credential Dumping (T1003): Stolen clear-text credentials were collected from victims.
Indicator of Compromise :
- [Domain] fraudulent-domain1.com
- [Domain] fraudulent-domain2.com
Full Story: https://cert-agid.gov.it/news/campagna-di-phishing-mirata-a-unipd-circa-200-credenziali-compromesse/