Update: MUDCARP threat actor group linked to the recent widespread attacks targeting multiple universities
- Research shows that the group collected sensitive information related to specific submarine technologies produced by multiple defense contractors.
- The Massachusetts Institute of Technology and the University of Washington are some of the institutes affected in the attack.
New details regarding the recent attacks on multiple universities have emerged lately. Previously, it was found that a Chinese cybercriminal group was targeting specific universities across the globe to steal confidential data related to maritime technology. Now, the researchers have disclosed the name of the threat actor group.
Who is behind it - In a report, iDefense, a cybersecurity intelligence firm has revealed that MUDCARP threat actor group was involved in the attacks that targeted several institutions and universities that had links to Woods Hole Oceanographic Institute (WHOI).
“Based upon tactics, techniques and procedures (TTPs) correlations, campaign targeting, leveraged malware, infrastructure and compelling third-party intelligence,4 iDefense analysts have moderate to high confidence that this activity is attributed to the MUDCARP (aka “TEMP.PERISCOPE” and “Leviathan”) threat group,” iDefense stated in its analysis report.
Extensive research showed that the group collected sensitive information related to specific submarine technologies produced by multiple defense contractors and their respective supply chains.
“Any technology or program that involves the delivery or launching of a payload from a submerged submarine, or undersea autonomous vehicles, is of high interest to MUDCARP. It is likely that MUDCARP actors have targeted several cleared defense contractors, universities (both domestic and foreign), and oceanographic institutes,” the researchers noted.
Which universities are affected - Although the complete list of the affected universities has not been revealed, iDefense researchers disclosed that the Massachusetts Institute of Technology and the University of Washington are some of the institutes affected in the attacks. Other colleges in Canada and Southeast Asia are also impacted by widespread attacks.
The report highlights that MUDCARP and other cyberespionage threat groups will continue to target companies, think tanks and universities who are in the DoD supply chain. These organizations contain a trove of intellectual property data and other crucial information.