New Zealand university operates despite cyberattack


New Zealand’s third-largest university was able to continue operating despite a cyberattack that forced officials to isolate affected servers.

Auckland University of Technology serves more than 29,000 students across three campuses located in the country’s largest metropolitan area.

Jeremy Scott, senior manager of corporate communications at the university, told Recorded Future News that the school recently experienced a cyber incident “involving unauthorized access to its IT environment by an unknown third party.”

“Normal university operations and teaching continue both on campus and online, and disruptions to AUT services have been minimal. AUT took immediate action to contain and isolate potentially affected servers and implemented additional security measures within hours of initial detection,” Scott said.

“Leading external cybersecurity and computer forensics experts have been engaged to assist with incident management and conduct a thorough investigation. AUT has been advised that this investigation may take some time.”

The university reported the incident to New Zealand’s National Cyber Security Center and the Office of the Privacy Commissioner.

The Monti ransomware gang took credit for Thursday’s attack, claiming to have stolen 60 gigabytes of data from the university and giving the university until October 9 to pay an undisclosed ransom.

The group was created in June 2022 and recently restarted operations after a two-month hiatus – adding at least 13 apparent victims from the legal, financial and healthcare sectors to their leak site.

Monti was first discovered shortly after the infamous Conti ransomware group went bankrupt. Several researchers, including Emsisoft threat analyst Brett Callow and Recorded Future ransomware expert Allan Liska, said the group’s code was very similar to that used by the Conti group. (The Record is an editorially independent unit of Recorded Future.)

Because Conti’s source code was leaked after the group publicly expressed support for Russia’s invasion of Ukraine, scholars are divided on whether Monti is simply a copycat or a true successor.

Trend Micro noted that Monti’s hackers appeared to imitate their predecessors, choosing a similar name and copying Conti’s attack tactics.

“The name comes from the fact that they were part of the new generation of Franken ransomware groups that rely on stolen code. Their first ransomware attacks used leaked Conti code,” Liska explained.

“Since their inception, they have rewritten the code and added a Linux variant. They went silent for a few months earlier this year, but started hitting organizations again a few months ago. This is a 3rd or 4th tier group, but as we’ve seen a lot this year, even 3rd and 4th tier groups can do damage.”

Conti actors have already caused immense damage to New Zealand’s healthcare system during a 2021 ransomware attack on Waikato District Health Board IT systems. The attack destroyed all computers and phones at hospitals in Waikato, Thames, Tokoroa, Te Kuiti and Taumarunui.

At the time, the hospital’s general director called it “probably the largest cyberattack in New Zealand’s history”.

A ransomware attack on Mercury IT, a widely used managed services provider (MSP) in New Zealand, disrupted dozens of organizations in the country, including several ministries and public authorities, in December.


Jonathan Greig

Jonathan Greig is a breaking news reporter at Recorded Future News. Jonathan has worked as a journalist around the world since 2014. Before returning to New York, he worked for media outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.
