Mar 15 2019

Cyber Espionage Puts Research Universities at Risk

Foreign and domestic adversaries target higher education institutions that have military and government contracts.

Universities face cyber espionage threats as the future of military superiority becomes increasingly entwined with technological innovation.

APT40, a China-nexus cyber espionage group, is working to infiltrate research institutions in higher education as part of China's larger information acquisition strategy, The Wall Street Journal reports.

APT40 has targeted several universities already, including Pennsylvania State University and Duke University, according to the article. 

Experts at my company, cybersecurity provider FireEye, identified a further wave of espionage activity from APT40 in 2018, which hit multiple organizations, including an academic institution. All of these were conducting work on maritime defense–related projects. 

This was all one arm of a much larger campaign of intrusions that impacted the U.S. Navy and defense contractors and prompted the Navy to conduct a review of its systems.


Cyber Espionage from Abroad Is Familiar Territory for Universities

Foreign intelligence threats to universities are not new. Several reports last year illustrated how traditional influence and intelligence campaigns — predominantly from China — focused on Western universities and their students, faculty and administrators to collect data, leverage influence and track expats studying abroad.

In contrast with recruiting students and professors to be intelligence assets, cyber espionage, in many cases, is a less costly way to steal information. 

Cyber espionage groups will often gravitate to the weakest link to collect data. Considering the important work done by academic researchers for both commercial and military applications, poorly secured university networks have become a target of choice for adversaries.


The number of academic institutions that participated in the U.S. Department of Defense's Multidisciplinary University Research Initiative program in 2018

Source: U.S. Department of Defense, "Defense Department Awards $169 million in University Research Funding," April 2018

Unclassified, sensitive research done at many leading technical universities in the U.S. can be a particularly enticing target for nation-states seeking to leapfrog their technological capabilities. 

With cutting-edge research on quantum computing, artificial intelligence, robotics and other high-tech fields all happening in university laboratories, acquiring information before it is classified and contained in more hardened networks can be a valuable acquisition strategy.

To strengthen their security, universities should look to improve their risk management protocols and tools. By implementing a solid security framework, universities can mitigate their vulnerability to foreign threats.

Another option is to adopt a zero-trust model. In a zero-trust network, users only have access to specific applications. This helps keep adversaries from breaching a user’s account, moving laterally and gaining access to sensitive information. 

Adversaries Infiltrate Universities to Reach Higher-Level Targets

Another attribute many universities share that makes them attractive targets for intelligence collection is that they are often well connected to policymakers, government researchers and nongovernmental organizations.

Cyberthreats to universities are not limited to APT40 and other Chinese espionage groups. Adversaries from Iran, North Korea, Russia and others may be trying to find ways to infiltrate universities.

As tech innovation becomes inseparable from military dominance, civilian researchers and students from around the world will be increasingly targeted.

This means it will be more important than ever for higher education IT leaders to regularly check for network vulnerabilities, train users and invest in next-generation technology to keep their campus networks safe.

