Chinese hackers hit Penn State University, 18K people impacted

The Penn State suffered a high sophisticated cyber attack that that seems to be originated from China and that exposed data belonging to 18K people.

The Pennsylvania State University’s College of Engineering confirmed that it has been targeted by two “highly sophisticated” cyber attacks over the last two years.

“Today (May 15), University leadership announced that our College of Engineering has been the target of two highly sophisticated cyberattacks. In a coordinated and deliberate response by Penn State, the college’s computer network has been disconnected from the Internet and a large-scale operation to securely recover all systems is underway. ” explained the University President Eric Barron in an official statement.  

The President apologized because usernames and passwords belonging to more than 18,000 people may have been accessed by the hackers, despite there is no evidence that financial information and social security numbers were stolen too.

The University has already hired a security company to investigate the cyber attacks that appear to be originated in China. When the FBI first alerted the Penn State University of a cyber attack in November 2014, the institution hired security firm FireEye/Mandiant to investigate the data breach and arrange the incident response.

“We all will need to take additional steps to protect ourselves, our identities and our information from a new global wave of cybercrime and cyberespionage,” Barron said in his statement. “Well-funded and highly skilled cyber criminals have become brazen in their attacks on a wide range of businesses and government agencies, likely in search of sensitive information and intellectual property.” reports another statement published by the organization.

The universities worldwide are privileged targets of cyber criminals and state-sponsored hackers, attackers are interested to steal personal information of people involved in project of interest, the information is usually used later for targeted attacks that aim to steal intellectual properties and other secrets on advanced projects.

The list of the Universities victims of cyber attacks includes the University of California, the University of Maryland, and the University of Southern California.

President Barron explained that the attacks were particularly sophisticated and bypassed defense systems in place at the Pennsylvania State University that on average “repels” more than 22 million cyber attacks every day.

“In this particular case we are dealing with the highest level of sophistication,” Barron said. “Unfortunately, we now live in an environment where no computer network can ever be completely, 100 percent secure.”

The Penn State University has notified about 18,000 individuals that could have been impacted by the data breach, the organization is offering them one year of free credit monitoring. The experts at the University also notifying nearly 500 public and private research partners about the cyber attack.

“Advanced cyberattacks like this — sophisticated, difficult to detect and often linked to international threat actors — are ‘the new normal,'” said Nick Bennett, Mandiant’s senior manager of professional services. “No company or organization is immune — the world’s leading banks, energy companies, retailers and educational institutions have all been and will be targets.”

In time I’m writing the computer network at Penn State University has been disconnected from the Internet, according to the President Barron the network will be back up in several days.

Pierluigi Paganini

(Security Affairs – Penn State University, hacking)