German Institute of Global and Area Studies (GIGA) has allegedly become the latest target of KelvinSecurity’s threat campaign.
According to the post shared by the threat actor on a dark web forum, the stolen data includes SQL, and Drupal databases, totalling up to 1GB of confidential information about the employees and staff of the educational institution.
The hacker group is popular for being an initial access seller to hackers and cybercriminals and has previously attacked Vodafone Italy, Drakorindo among others.
The threat actor has shared three samples on the dark web forum, consisting of folders, such as Giga-hamburg.de.sql.7z (46.5 MB), Giga-hamburg.de.sql.7z (48.74MB), and Giga-hamburg.de.sql.7z (48.7 MB).
As a notorious data seller, KelvinSecurity has an established track record of providing valuable information to customers.
In addition to selling data, the company also offers initial access to other cybercriminals, allowing them to exploit vulnerabilities and gain unauthorized entry into systems.
The German Institute of Global and Area Studies is a leading research institute based in Hamburg, Germany. It conducts interdisciplinary research on political, economic, and social developments in Africa, Asia, Latin America, and the Middle East.
The Institute researches international relations, governance, civil society, economic development, security, and environmental and resource politics.
GIGA also provides training to young researchers, offers policy advice to governments, international organizations, and non-governmental organizations, and aims to inform the public about global developments and challenges through its publications, events, and media engagement.
Rise of cyberattacks on educational institution
Several factors have driven the rise of cyberattacks on educational institutions. One of the main reasons is the increasing use of technology in education.
With more and more classes and activities being conducted online, educational institutions are collecting and storing more sensitive data than before. This data is valuable to cybercriminals and can be used for various criminal activities such as identity theft, financial fraud, and more.
The shift to remote learning following the COVID-19 pandemic has also given the hackers a larger target base as several educational institutions set up remote access infrastructures, which were not properly secured.
In September 2022, in a similar incident, the UK’s Information Commissioner’s Office (ICO) took legal action against the Department of Education (DfE) due to their failure to properly handle student data and adhere to the General Data Protection Regulation (GDPR) standards.
The prosecution cited violations of Article 5(1)(a) and Article 5(1)(f), resulting in the mishandling of the personal information of over 28 million students.
In December 2022, the Hive ransomware group posted encrypted files from three United States schools on the dark web.
These files were made available for download on the group’s leak site, belonging to Innovative Education Management, North Idaho College, and Dixons Allerton Academy.
Many educational institutions have limited budgets and resources, making it difficult to implement robust cybersecurity measures — making the hacker’s job easy. This makes them an easy target for cybercriminals.
Overall, with the increasing reliance on technology in education, educational institutions have become a prime target for cyberattacks, making it even more important for them to take proactive measures to protect themselves.
The Cyber Express could not verify the claim and has reached out to GIGA to confirm the alleged data breach.