The Auckland University of Technology (AUT) recently became the target of a cybersecurity incident perpetrated by the infamous Monti ransomware group. This breach was followed by the group claiming responsibility for the attack and proudly adding AUT to their “Wall of Shame” on the dark web.
While the exact motive behind targeting the university remains unknown, the group’s message implies that they exploited what they perceived as weak security measures. The Monti ransomware group boasted about the breach and even provided a download link for a sample of the stolen data.
Founded in 1895, AUT is a renowned institution of higher education that offers a wide range of programs across various disciplines. The Cyber Express, a prominent cybersecurity news outlet, sought confirmation from AUT regarding the breach. In response, the university released an official statement acknowledging the incident as an unauthorized access to their IT environment by an unknown third party. However, they assured the public that normal university operations and teaching activities were unaffected by the breach.
AUT took swift action in response to the breach, isolating potentially affected servers and implementing additional security measures shortly after the initial detection. The university also enlisted the help of leading external cybersecurity and forensic IT professionals to manage the incident and conduct a thorough investigation. It should be noted that this investigation might take some time to yield conclusive results.
In compliance with best practices, AUT promptly reported the breach to the National Cyber Security Centre and the Office of the Privacy Commissioner. The university remains committed to working closely with these agencies throughout their response efforts.
The Monti ransomware group’s tactics in this breach are noteworthy. After a two-month hiatus, they returned with a new Linux version of their encryptor, targeting government and legal sectors. This group initially gained attention in 2022 for mimicking the tactics of the Conti ransomware group, even utilizing its leaked source code. However, the new Linux version exhibited distinctive behaviors, marking a significant departure from its predecessors.
What sets the Monti ransomware group apart is their different motivation. While most ransomware groups aim for financial gain, Monti sees their activities as ethical hacking, exposing vulnerabilities in corporate networks. They consider their actions as penetration testing and expect compensation for their services. In cases of non-payment, they resort to publicly listing the victimized companies on their data leak site’s “Wall of Shame.”
The Auckland University of Technology breach has brought the Monti ransomware group back into the spotlight after a prolonged period of silence. Despite being a low-profile threat actor, this university data breach has once again put them under scrutiny.
As this is an ongoing story, The Cyber Express will continue to update their coverage as more information becomes available about the Auckland University of Technology breach.
Media Disclaimer: It’s important to note that this report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users should take full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.