The Vice Society ransomware group has claimed that it has breached the Hamburg University of Applied Sciences, two months after the institution disclosed a cyber incident.
The higher education and applied research institution is located in Hamburg, Germany. Formerly known as Fachhochschule Hamburg, the University was founded in 1970.
The Cyber Express tried to contact the university to inquire about the data breach. However, the contact form on HAW Hamburg’s website was inactive, and its email services appear to be interrupted.
The victim note posted on the leak site of the threat group does not mention the amount of data exfiltrated or the ransom amount demanded.
The HAW Hamburg data breach notification
The HAW Hamburg breach notification on January 6 said that the security incident was discovered on 29 December 2022. Hackers gained administrative access to central storage systems, encrypted several virtual platforms, and deleted the stored backups.
“Based on what we know to date, the hackers used decentralized IT systems to manually work their way into HAW Hamburg’s central IT and security systems via the network,” said the disclosure.
“Using this path, they also obtained the administrative rights for the central storage systems and compromised the central data storage. They then used these administrative rights to begin encrypting various virtualized platforms and deleting stored backups.”
In the notification, issued in compliance with Article 34 of the GDPR regarding security incidents, the university confirmed that, following forensic analysis, it can be presumed that the following information may have been compromised and leaked:
- Cryptographically secured passwords
- Email addresses
- Phone numbers
- Details from affiliated university departments and units
- Access privileges from teams and group memberships
- Any other text box information from self-service functions
The case is under investigation by the cybercrime division of the Landeskriminalamt.
Cyberattacks on the European education sector
“It is possible that additional information from areas outside the central university administration (faculties, departments, labs, etc.) have also been saved,” said the HAW Hamburg disclosure.
According to research by Check Point, the education and research sector witnessed a 114% increase in cyberattacks in the last two years. The survey noted that the average weekly cyberattacks in the education and research sector in Europe decreased by 6%, and Germany also saw a decrease of 9%.
EURACTIV Germany reports highlighted that institutions in the European Union are not well prepared for the growing number of cyberattacks.
Bettina Jakobsen, who was in charge of the audit, said, “The EU institutions, bodies, and agencies are attractive targets for potential attackers and especially for groups capable of carrying out technically sophisticated covert attacks for the purpose of cyber espionage and other malicious purposes.”
Moreover, there is growing demand for better jurisdiction and implementation of cybersecurity frameworks, as the European Union Agency for Cybersecurity (ENISA) and the IT Security Response Team (CERT-EU) have yet to meet their highest required standards.
Germany and cyberattacks
In recent years, Germany has experienced multiple cyberattacks that have been claimed by Russia, including one in 2015 that targeted the Bundestag and the office of former Chancellor Angela Merkel.
Since Germany started supporting Ukraine with weapons deliveries and by introducing sanctions against Russia, cyberattacks have peaked, in particular against energy providers and military organizations.
Days before the Vice Society disclosure on HAW Hamburg, Germany’s interior minister Nancy Faeser warned that Russia poses a significant danger to Germany due to its actions involving sabotage, disinformation, and spying attacks.
According to Faeser, Russian president Vladimir Putin is dedicating significant resources to cyberattacks as a key part of his aggressive agenda. She also noted that the war has exacerbated cybersecurity concerns, and pro-Russia hackers’ attacks have risen.
Germany’s Federal Cybersecurity Agency (BSI) announced in January that key German administrations, including companies and airports, have been hit by cyberattacks, specifically distributed denial of service (DDoS) attacks.
The financial sector and federal government sites were also attacked, but no major consequences have been reported so far. The BSI spokesperson stated that identifying the source of such attacks is particularly difficult in the case of hacker collectives.
The Baden-Württemberg regional police website was also targeted, and the investigation has been handed over to the police. According to Handelsblatt media group, the attacks were reportedly a retaliation against Berlin’s approval of the deployment of Leopard 2 tanks to Ukraine.