The network credentials and VPN access information were mainly acquired through ransomware, spear-phishing, and other cyberattacks.
According to the US Federal Bureau of Investigation (FBI), hackers are selling virtual private network (VPN) access and network credentials used by employees of a “multitude” of colleges and universities in the US. The stolen data is sold on Russian underground cybercrime platforms.
The FBI noted that in May 2021, it discovered over 36,000 email/password combinations for addresses ending with .edu. These addresses were publicly available on instant messaging platforms commonly used by cybercriminals.
“As of January 2022, Russian cybercriminal forums offered for sale or posted for public access the network credentials and virtual private network accesses to a multitude of identified US-based universities and colleges across the country, some of which included screenshots as proof of access.”
The FBI Targeted Universities
According to the FBI’s Private Industry Notification, most of the credentials in the data up for sale on Russian hacker platforms were obtained through ransomware attacks and spear-phishing campaigns launched against US educational institutions over the years.
The institutions targeted in ransomware attacks in the last couple of years include:
Ohlone College, Centralia College, Stratford University, The Yeshiva University, Stony Brook