Penn State University Cuts Internet After Chinese Cyberattack

Penn State University said Friday that it disconnected the network of its college of engineering from the Internet in response to two cyberattacks, with at least one believed to be conducted by threat actors based in China.

According to an announcement by the University on Friday, the institution was alerted by the FBI on Nov. 21, 2014 of a cyberattack of “unknown origin and scope on the College of Engineering network by an outside entity.”

Penn State hired FireEye-owned Mandiant to investigate the incident. Mandiant has confirmed that at least one of the two attacks was carried out by a threat actor based in China, using advanced malware to attack systems in the college.

“In order to protect the college’s network infrastructure as well as critical research data from a malicious attack, it was important that the attackers remained unaware of our efforts to investigate and prepare for a full-scale remediation,” said Nicholas P. Jones, executive vice president and provost at Penn State. “Any abnormal action by individual users could have induced additional unwelcome activity, potentially making the situation even worse.”

According to Penn State, Mandiant’s investigation discovered the presence of two previously undetected attackers within the college’s network. The investigation also revealed that the earliest known date of intrusion is September 2012.

The University did not explain how the attack was attributed to China.

“This was an advanced attack against our College of Engineering by very sophisticated threat actors,” said Penn State President Eric Barron in a letter to the Penn State community. “This is an incredibly serious situation, and we are devoting all necessary resources to help the college recover as quickly as possible; minimize the disruption and inconvenience to engineering faculty, staff and students; and to harden Penn State’s networks against this constantly evolving threat.”

The outage is expected to last for several days.


The University said there is no evidence to suggest that research data or personally identifiable information (such as Social Security or credit card numbers) have been stolen. However, investigators do have direct evidence that a number of College of Engineering-issued usernames and passwords have been compromised, and that a small number have been used by the attackers to access the network.

All College of Engineering faculty and staff at University Park will be required to choose new passwords for their Penn State access accounts. Additionally, engineering faculty and staff looking to access college resources remotely via a VPN connection will be required to use two-factor authentication, the University said.

“In several days, our College of Engineering will emerge from this unprecedented attack with a stouter security posture, and engineering faculty, staff and students will need to learn to work under new and stricter computer security protocols,” Barron added. “In the coming months, significant changes in IT security policy will be rolled out across the University, and all of us as Penn Staters will need to change the way we operate in the face of these new and significant challenges. This new threat must be faced head-on, not just by Penn State but by every large university, business and government the world over. This is a new era in the digital age, one that will require even greater vigilance from everyone.”

“This should be a wake-up call to other colleges and universities; it is rare for only one institution to be targeted by an active cyber espionage campaign,” Ken Westin, senior security analyst for Tripwire, told SecurityWeek.

“Given that the group was targeting engineering departments, it’s pretty clear that the attackers were looking for intellectual property. Many times there is deep collaboration between higher education and private industry to commercialize research, and this, combined with the fact that higher education generally lacks the resources to develop a strong security posture, makes them a high-value target for sophisticated attackers.”

“I hate to be the bearer of bad news, but I think there are quite a few more breaches like this. Some of them have been detected, but many haven’t,” Westin said.

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
