Penn State discloses major cyberattack by China

Chinese hackers have spent more than two years combing through Penn State University networks, a breach that might have resulted in intrusions into networks of defense contractors and government agencies.

The university disclosed the breach of its College of Engineering on Friday after the FBI noticed the unusual activity and notified the school in November.


The subsequent investigation revealed that two groups of hackers had been inside the school’s networks — one linked to the Chinese government, one likely state-sponsored.

“This was an advanced attack against our College of Engineering by very sophisticated threat actors,” Penn State President Eric Barron wrote in a letter to professors and students.

“This is an incredibly serious situation, and we are devoting all necessary resources to help the college recover as quickly as possible.”

Universities are attractive targets for Chinese hackers interested in gathering trade and technological secrets from U.S. companies.

Major research schools help develop commercial and defense technology for contractors and the military. Penn State is known for its expertise in aerospace engineering, a topic of major interest to Beijing.

The school hired Mandiant, a top cybersecurity forensics firm, to investigate the attack.

Investigators did not disclose whether the Penn State intruders were able to infiltrate additional networks.

The university notified 500 research partners — including federal agencies and major companies — about possible risks to their networks and has reportedly spent millions of dollars trying to eject the hackers. 

This task can prove difficult after even a minor data breach, so there is no telling how long it will take to break hackers’ two-year grip on the university’s systems.

As part of the effort, technicians are taking the engineering school’s network completely offline for several days, according to reports.