FBI - Hacked Information

The FBI warns organizations in the higher education sector of credentials sold on cybercrime forums that can allow threat actors to access their networks.

The FBI issued an alert to inform the higher education sector about the availability of login credentials on dark web forums that threat actors can use to launch attacks against individuals and organizations in the industry. The availability of this data is the result of continued attacks conducted by threat actors against US colleges and universities. The alert also includes recommendations and mitigations for these attacks.

“The FBI informs academic partners of identified US college and university credentials advertised for sale on online criminal marketplaces and publicly accessible forums. This exposure of sensitive credential and network access information, especially privileged user accounts, could lead to subsequent cyber-attacks against individual users or affiliated organizations,” reads the alert published by the FBI.

Crooks obtain the information through spear-phishing, ransomware attacks, or other means.

In 2017, crooks launched a phishing campaign against universities to compromise .edu accounts. The attackers set up fake university login pages and embedded a credential harvester link in phishing emails.

In late 2020, login credentials for US-based universities were found for sale on the dark web. The seller listed approximately 2,000 unique credentials.

In May 2021, cybercriminals offered for sale more than 36,000 email and password combinations for .edu email accounts, advertising the data on a publicly available instant messaging platform.

In January 2022, threat actors were observed offering for sale network and VPN access credentials belonging to US-based universities and colleges on Russian cybercrime forums.

“The FBI has observed incidents of stolen higher education credential information posted on publicly accessible online forums or listed for sale on criminal marketplaces. The exposure of usernames and passwords can lead to brute force credential stuffing computer network attacks, whereby attackers attempt logins across various internet sites or exploit them for subsequent cyber attacks as criminal actors take advantage of users recycling the same credentials across multiple accounts, internet sites, and services,” concludes the alert. “If attackers are successful in compromising a victim account, they may attempt to drain the account of stored value, leverage or re-sell credit card numbers and other personally identifiable information, submit fraudulent transactions, exploit for other criminal activity against the account holder, or use for subsequent attacks against affiliated organizations.”

