Penn State University Cuts Internet After Chinese Cyberattack

Penn State University said Friday that it disconnected the network of its college of engineering from the Internet in response to two cyberattacks, with at least one believed to be conducted by threat actors based in China.

According to an announcement by the University on Friday, the institution was alerted by the FBI on Nov. 21, 2014 of a cyberattack of “unknown origin and scope on the College of Engineering network by an outside entity.”

Penn State hired FireEye-owned Mandiant to investigate the incident. Mandiant's investigation confirmed that at least one of the two attacks was carried out by a threat actor based in China, using advanced malware against systems in the college.

“In order to protect the college’s network infrastructure as well as critical research data from a malicious attack, it was important that the attackers remained unaware of our efforts to investigate and prepare for a full-scale remediation,” said Nicholas P. Jones, executive vice president and provost at Penn State. “Any abnormal action by individual users could have induced additional unwelcome activity, potentially making the situation even worse.”

According to Penn State, Mandiant’s investigation discovered the presence of two previously undetected attackers within the college’s network. The investigation also revealed that the earliest known date of intrusion is September 2012.

The University did not explain how the attack was attributed to China.

“This was an advanced attack against our College of Engineering by very sophisticated threat actors,” said Penn State President Eric Barron in a letter to the Penn State community. “This is an incredibly serious situation, and we are devoting all necessary resources to help the college recover as quickly as possible; minimize the disruption and inconvenience to engineering faculty, staff and students; and to harden Penn State’s networks against this constantly evolving threat.”

The outage is expected to last for several days.

The University said there is no evidence to suggest that research data or personally identifiable information (such as Social Security or credit card numbers) have been stolen. However, investigators do have direct evidence that a number of College of Engineering-issued usernames and passwords have been compromised, and that a small number of them have been used by the attackers to access the network.


All College of Engineering faculty and staff at University Park will be required to choose new passwords for their Penn State access accounts. Additionally, engineering faculty and staff looking to access college resources remotely via a VPN connection will be required to use two-factor authentication, the University said.

“In several days, our College of Engineering will emerge from this unprecedented attack with a stouter security posture, and engineering faculty, staff and students will need to learn to work under new and stricter computer security protocols,” Barron added. “In the coming months, significant changes in IT security policy will be rolled out across the University, and all of us as Penn Staters will need to change the way we operate in the face of these new and significant challenges. This new threat must be faced head-on, not just by Penn State but by every large university, business and government the world over. This is a new era in the digital age, one that will require even greater vigilance from everyone.”

“This should be a wake-up call to other colleges and universities; it is rare for only one institution to be targeted by an active cyber espionage campaign,” Ken Westin, senior security analyst for Tripwire, told SecurityWeek.

“Given that the group was targeting engineering departments, it’s pretty clear that the attackers were looking for intellectual property. Many times there is deep collaboration between higher education and private industry to commercialize research, and this, combined with the fact that higher education generally lacks the resources to develop a strong security posture, makes them a high-value target for sophisticated attackers.”

“I hate to be the bearer of bad news, but I think there are quite a few more breaches like this. Some of them have been detected, but many haven’t,” Westin said.

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
