ALPHV (BlackCat) ransomware gang claims attack on Irish university

The ALPHV ransomware group, also known as BlackCat, has listed just over 6GB of data allegedly stolen from the Munster Technological University (MTU) in Ireland.

The directory posted on ALPHV’s .onion site purports to include employee records and payroll details, both extremely sensitive datasets that could lead to fraud and harassment.

Last week neither MTU nor cybersecurity experts publicly attributed the attack to a specific cybercrime group. The university announced Feb. 6 that its campuses in Cork would be closed following a “significant IT breach and telephone outage,” and warned that classes would be canceled.

In an update Monday, the university stated: “We are pleased to report that students and staff have returned to campus and that the resumption of in person teaching on campus is now successfully underway.”

IT services at MTU are not yet completely operational and the statement thanked “students and staff for their patience, support and co-operation during this time.”

It also warned that the university’s review and investigation of the incident was ongoing, particularly around “the release of data on the ‘dark web’.”

As a ransomware operation, ALPHV has stood out to researchers for having extensive experience and for coding its malware in the Rust programming language — a first for ransomware used in real-world attacks.

Read more: An ALPHV (BlackCat) representative discusses the group’s plans for a ransomware ‘meta-universe’

The university, which was officially founded last year as a merger between the Cork Institute of Technology and the Institute of Technology, Tralee, has more than 18,000 students. It has six campuses — four in Cork which were closed as a result of the attack, and two in Tralee which remained open.

On its webpage for the incident, the university recommended “any person potentially affected by this incident to follow the official advice and recommendations on the prevention of fraud from the National Cyber Security Centre and the joint guidance of An Garda Siochána and the Banking and Payments Federation of Ireland.”

Individuals potentially impacted by the attack were also cautioned to be vigilant of any suspicious communications and encouraged to contact their financial institutions directly if they see any unusual transactions or activity on their banking or credit cards.

“We are continuing to work with all relevant State agencies in relation to this matter and are taking all possible steps to address and mitigate this incident,” the MTU statement added.

It is not the first time that higher education establishments in Ireland have been impacted by a cyberattack. In April 2021, the National College of Ireland and the Technological University of Dublin were hit by ransomware attacks.

In September of the same year the National University of Ireland, Galway, announced that it had taken its systems offline after another attempted attack.

Ransomware attacks on universities have been on the rise in recent months. This week Israeli tech university Technion is recovering from an incident. In January, the University of Zurich, Switzerland’s largest university, announced it was the target of a “serious cyberattack.” 

The University of Zurich described the incident as “part of a current accumulation of attacks on educational and health institutions,” particularly “on universities in German-speaking countries in recent weeks.”
This appeared to be a reference to the Harz University of Applied Sciences in Saxony-Anhalt, Ruhr West University, and the EU/FH European University of Applied Sciences, all of which said they suffered cyberattacks during the week prior.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles
Alexander Martin

Alexander Martin

is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.