China syndrome: Massive cyberattack by Chinese government hackers on Penn State College of Engineering

Published 18 May 2015

The Penn State College of Engineering has been the target of two sophisticated cyberattacks conducted by so-called “advanced persistent threat” actors. The FireEye cybersecurity forensic unit Mandiant, which was hired by Penn State after the breach was discovered, has confirmed that at least one of the two attacks was carried out by a threat actor based in China, using advanced malware to attack systems in the college. In a coordinated response by Penn State, the College of Engineering’s computer network has been disconnected from the Internet and a large-scale operation to securely recover all systems has been launched. On 21 November 2014 Penn State was alerted by the FBI to a cyberattack of unknown origin and scope on the school’s College of Engineering.

The Penn State College of Engineering has been the target of two sophisticated cyberattacks conducted by so-called “advanced persistent threat” actors, University officials announced Friday. The FireEye cybersecurity forensic unit Mandiant, which was hired by Penn State after the breach was discovered, has confirmed that at least one of the two attacks was carried out by a threat actor based in China, using advanced malware to attack systems in the college.

A Penn State release reports that in a coordinated response by Penn State, the College of Engineering’s computer network has been disconnected from the Internet and a large-scale operation to securely recover all systems has been launched. Contingency plans have been put in place to allow engineering faculty, staff, and students to continue in as much of their work as possible while steps are taken to upgrade affected computer hardware and fortify the network against future attack. The outage is expected to last for several days, and the effects of the recovery will largely be limited to the College of Engineering.

To learn more about the incident, including information for affected faculty, staff, and students, readers are advised to visit http://SecurePennState.psu.edu/.

What has happened?
On 21 November 2014, Penn State was alerted by the FBI to a cyberattack of unknown origin and scope on the College of Engineering network by an outside entity. As soon as the University became aware of the alleged attack, security experts from Penn State began working to identify the nature of the possible attack and to take appropriate action, including the enlistment of third-party experts, chief among them Mandiant. An investigation has taken place across the College of Engineering computer network since that time.

Penn State says that as soon as the FBI alert was received, University leaders reached out selectively to key administrators, academic leaders, and IT professionals in the College of Engineering and a full-scale investigation of the college’s network began. College IT professionals also have taken steps to preserve critical data.

“In order to protect the college’s network infrastructure as well as critical research data from a malicious attack, it was important that the attackers remained unaware of our efforts to investigate and prepare for a full-scale remediation,” said Nicholas P. Jones, executive vice president and provost at Penn State. “Any abnormal action by individual users could have induced additional unwelcome activity, potentially making the situation even worse.”