University of Virginia hack targeted employees with China ties

The Chinese hackers that infiltrated the University of Virginia’s networks this month were targeting two specific employees at the school, which has links to the Defense Department and other intelligence agencies.

The university announced last week that hackers had infiltrated its servers, forcing a two-day shutdown of its system. Officials said that the hackers did not access any personal data, such as Social Security numbers or personal health information.

But university spokesman Anthony P. de Bruyn told The Daily Beast, which first reported the news, that the hackers targeted two individual university employees “whose work has a connection to China.”

He declined to identify the two employees, but said that hackers accessed their email accounts.

When federal investigators informed it of the hack in June, U.Va. engaged well-known cybersecurity firm Mandiant to “investigate the nature of the attack and to take corrective action.”

The university has a number of links to intelligence agencies that may have drawn the attention of government-sponsored Chinese hackers. The nearby U.Va. Research Park boasts some prominent government contractors as tenants, including Booz Allen Hamilton, Leidos and Northrop Grumman.

Some of the companies at the Research Park work with faculty and students from the U.Va. engineering school on homeland and cybersecurity research, according to the school.

De Bruyn did not confirm whether any Research Park employees were affected.

Cyberattacks on universities have been mounting, although many have assumed that such intrusions were large-scale attempts to acquire the vast amounts of personal data that academic institutions store — data that is worth a considerable price on the dark web.

According to The Daily Beast, the Defense Department issued a warning in July that hackers “affiliated with a known foreign intelligence agency” were targeting academic institutions in addition to government contractors.

“In the past three months, this [Advanced Persistent Threat] actor has penetrated U.S. infrastructure, exfiltrated data, and compromised credentials,” the warning stated.