Penn State’s College of Engineering has disconnected its network from the Internet in response to two sophisticated cyberattacks – one from a what the university called a “threat actor based in China” – in an attempt to recover all infected systems.
The university said there was no indication that research data or personal information was stolen in the attacks though usernames and passwords had been compromised.
+More on Network World: Yikes: 10,000 IRS impersonation scam calls are placed every week+
Penn State said that it was alerted to the attack by the FBI last November and the university brought on a number of experts including FireEye cybersecurity forensic unit Mandiant, to investigate the situation. Mandiant confirmed that at least one of the two attacks came from a threat actor based in China, which used advanced malware to attack systems in the college. The investigation has revealed that the earliest known date of intrusion is September 2012.
“In order to protect the college’s network infrastructure as well as critical research data from a malicious attack, it was important that the attackers remained unaware of our efforts to investigate and prepare for a full-scale remediation,” said Nicholas P. Jones, executive vice president and provost at Penn State. “Any abnormal action by individual users could have induced additional unwelcome activity, potentially making the situation even worse.”
“As we have seen in the news over the past two years, well-funded and highly skilled cybercriminals have become brazen in their attacks on a wide range of businesses and government agencies, likely in search of sensitive information and intellectual property,” said Penn State President Eric Barron in a letter to the Penn State community. “This new threat must be faced head-on, not just by Penn State but by every large university, business and government the world over.”
+More on Network World: FBI: Be wary about Web searches for federal information+
Penn State said contingency plans are in place to allow engineering faculty, staff and students to continue in as much of their work as possible while significant steps are taken to upgrade affected computer hardware and fortify the network against future attack. The outage is expected to last for several days, and the effects of the recovery will largely be limited to the university’s College of Engineering.
"Cyberattacks like this - sophisticated, difficult to detect and often linked to international threat actors - are the new normal. No company or organization is immune," Nick Bennett, senior manager at Mandiant, told Reuters.
Check out these other hot stories: