UK universities left scrambling in wake of cyber attacks


The universities of Cambridge, Manchester, and Wolverhampton have been hit by cyber attacks in what appears to be a targeted campaign by the Anonymous Sudan hacker group.

In a post on X, the University of Cambridge's Clinical School Computing Service said that 'multiple universities' were experiencing a Distributed Denial of Service (DDoS) attack, and warned that internet access was intermittent.

Incoming connections to websites, the VLE, and the VPN were also impacted, it said. The situation at Cambridge University appears to be back to normal.

The institutions said they worked with the Joint Information Systems Committee (JISC) - the not-for-profit providing network and IT services for higher education institutions - to resolve the issue, later reporting that the disruption was largely over.

The University of Manchester, meanwhile, told staff and students that it also experienced a serious incident, noting that “the issues have been caused by a cyber incident impacting both ourselves and our network provider, as well as some other UK Universities”.

Again, it managed to stabilize the situation after a few hours.

The University of Wolverhampton described the problem as a 'systems issue', but is today largely teaching classes online.

The attack has been claimed by the Anonymous Sudan hacking group, which said on Telegram that it is 'really causing issues for UK universities'.

The group cited political motivations for the attack, including current events in the Middle East.

The group, which was first observed in January last year, is believed to be using the Skynet botnet for its attacks. It has claimed a number of victims during the last year, including Microsoft.

Azure, Outlook, and OneDrive all suffered a series of outages last summer.

It was also believed to be behind an apparent attack on the European Investment Bank (EIB), and recently claimed responsibility for targeting ChatGPT and its parent company, OpenAI, with a series of DDoS attacks.

The group has claimed to be a group of Sudanese grassroots hacktivists. Despite this, Anonymous Sudan is believed to be Russian-backed, partly because its use of rented servers implies a reasonable level of financial resources.

According to Trustwave, Anonymous Sudan appears to be a sub-group of the pro-Russian threat actor group Killnet, and focuses on DDoS attacks.

Soon after its creation, it claimed that its attacks were being conducted in response to anti-Muslim activities in its target nations, and in support of Russian hackers who themselves support Sudan. It's not believed to have any connection with the broader Anonymous group.

Earlier this month, security firm KnowBe4 warned that universities were increasingly becoming targets for cyber criminals, thanks to the personal data they hold - and the fact that their security is often poor.

"It’s a terrifying thought that only about half of higher education institutions in the UK have a strategy for safeguarding against cyber attacks," said Javvad Malik, the firm's lead security awareness advocate.

Emma Woollacott

Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.