California University Researching COVID-19 Suffers Cyberattack

A hacking group, which has successfully attacked at least three universities recently, threatened to publish sensitive research information to the dark web if monetary demands are not met.

Hackers have been aggressively and successfully targeting universities engaged in COVID-19 research, recent reports show.

The rash of cyberattacks is the latest example of the willingness of cybercriminals and bad actors to target governments and public institutions as they work to contain the ongoing pandemic.  

The most recent victim, the University of California San Francisco, discovered evidence of intrusion into their networks early Monday morning, a representative of the school confirmed. UCSF, which has been conducting important virus research including antibody testing, may have had its data stolen, according to Bloomberg News.   

"We have engaged an IT security firm and have reached out to law enforcement," reads a statement provided to GT by the institution. "With their assistance, we are conducting a thorough assessment of the incident, including a determination of what, if any, information may have been compromised. In order to preserve the integrity of the investigation, we will need to limit what we can share at this time."

Also among the most recent targets are Michigan State University and apparently Columbia College of Chicago, both of which are conducting similar coronavirus research.

The group responsible, known as "Netwalker," has been known to target health-care organizations and to steal unencrypted data before encrypting it. Netwalker first emerged in the middle of last year and specifically targets enterprise networks. In each of the recent cases involving universities, the group has already posted a limited amount of data to its dark web leak site to support its claims, said Brett Callow, threat analyst with Emsisoft.

"Like multiple other groups, the operators of NetWalker have launched a name-and-shame leak site and use the threat of publishing exfiltrated data as additional leverage to extort payment," Callow explained. "The group’s other victims include Toll Group, Bolloré and Weiz, an Austrian municipality." 

At this point, he said, there is no evidence to suggest that the group is anything other than for-profit criminals primarily interested in extorting ransoms.

"That said, the fact the group has hit three universities in quick succession is certainly interesting and raises the question of whether the universities may have been specifically targeted for a particular reason. Data is a valuable commodity and, at this point in time, COVID-19 research is a particularly valuable commodity," Callow said.

Lucas Ropek is a former staff writer for Government Technology.