New Zealand university operating despite cyberattack

Jason Macuray

New Zealand’s third-largest university has been able to continue operating despite a cyberattack that forced officials to isolate affected servers.

The Auckland University of Technology serves more than 29,000 students across three campuses in the country’s largest metropolitan area.

Jeremy Scott, senior corporate communications manager at the university, told Recorded Future News that the school recently experienced a cyber incident “involving unauthorized access to its IT environment by an unknown third-party.”

“Normal university operations and teaching continue both on campus and online, and disruption to AUT services has been minimal. AUT took immediate action to contain and isolate potentially affected servers and implemented additional security measures in the hours after initial detection,” Scott said.

“Leading external cyber security and forensic IT experts have been engaged to assist with the incident management and conduct a thorough investigation. AUT has been advised that this investigation may take some time to complete.”

The university has reported the incident to New Zealand’s National Cyber Security Centre and the Office of the Privacy Commissioner.

The Monti ransomware gang took credit for the attack on Thursday, claiming to have stolen 60 gigabytes of data from the university, giving them a deadline of October 9 to pay an undisclosed ransom.

The group emerged in June 2022 and recently restarted operations after a two-month break – adding at least 13 apparent victims from the legal, financial services, and healthcare sectors to their leak site.

Monti was first discovered shortly after the infamous Conti ransomware group went out of business. Several researchers, including Emsisoft threat analyst Brett Callow and Recorded Future ransomware expert Allan Liska, said the group’s code was very similar to the one used by the Conti group. (The Record is an editorially independent unit of Recorded Future.)

Due to the fact that Conti’s source code was leaked after it publicly expressed support for Russia’s invasion of Ukraine, researchers are split on whether Monti is simply an imitator or an actual successor.

Trend Micro noted that the Monti hackers seemed to be imitating their predecessors, choosing a similar name and copying Conti’s attack tactics.

“The name comes from the fact that they were one of the new breed of Franken-ransomware groups relying on stolen code. Their first ransomware attacks used leaked Conti code,” Liska explained.

“Since their start they have rewritten the code and added a Linux variant. They went quiet for a few months earlier this year but started hitting organizations again a couple of months ago. They are a 3rd or 4th tier group, but as we’ve seen a lot this year, even 3rd and 4th tier groups can do damage.”

Conti actors previously caused immense damage to New Zealand’s healthcare system during a 2021 ransomware attack on the Waikato District Health Board IT systems. The attack brought down all of the computers and phones at hospitals in Waikato, Thames, Tokoroa, Te Kuiti and Taumaranui.

At the time, the hospital’s chief executive called it the “probably the biggest cyberattack in New Zealand’s history.”

A ransomware attack on Mercury IT, a widely used managed service provider (MSP) in New Zealand, disrupted dozens of organizations in the country, including several government departments and public authorities in December.

Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.


Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

Egyptian opposition politician hacked with Predator spyware, researchers confirm

Next Post

Court ruling on California’s online child safety law could put similar bills on hold

Related Posts

Embracing the Cloud: Revolutionizing Privileged Access Management with One Identity PAM Essentials

As cyber threats loom around every corner and privileged accounts become prime targets, the significance of implementing a robust Privileged Access Management (PAM) solution can't be overstated. With organizations increasingly migrating to cloud environments, the PAM Solution Market is experiencing a transformative shift toward cloud-based offerings. One Identity PAM Essentials stands
Read More

Failed unsubscribes could be a clue your data’s out of control

Anyone who's eveer tried to unsubscribe to an email list knows that "unsubscribe" button never seems to work — except to verify your email account is working. But what if that failure arises from something more problematic than an unethical person ignoring the request? What if it is the latest symptom of the overly distributed data problem?That's the same issue that undermines compliance and legal discovery rules such as GDPR’s Right To Be Forgotten rule. It’s also the same problem that makes it all-but-impossible for enterprises to have current and comprehensive datamaps. To read this article in full, please click here
Read More