Cyber Incident Victim: University of Maribor
Date:
Oct 2024
Location:
Slovenia
Summary
The University of Maribor suffered a large-scale cyber attack causing widespread IT service disruptions, including partial or complete inaccessibility of internet services, student and employee portals, domain logins, institutional email systems, and digital identity authentication. External platforms like Microsoft 365 and Teams remained temporarily functional for active sessions. The institution engaged relevant authorities and IT experts to restore systems while coordinating alternative arrangements for academic and operational continuity. Users were advised to immediately change passwords reused across other services if their university credentials were compromised.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On October 22, 2024, at approximately 8:00 PM local time, the University of Maribor experienced a large-scale cyber attack that disrupted core computer systems across Slovenia's second-largest university. The attack rendered internet access, student e-services, and employee-facing professional service portals partially or completely inaccessible by the following morning. Domain-based login systems for computers in lecture halls and specialized classrooms became nonfunctional, while authentication services tied to the university's digital identity system—including employee email accounts—were disabled. External cloud-based platforms such as Microsoft 365 and Teams remained temporarily accessible for existing authenticated sessions but faced potential disruption upon session expiration. The university's Computer Center at the Faculty of Electrical Engineering, Computer Science and Informatics formally notified the academic community of the outage on October 23, confirming the cyber attack as the cause. No specific details regarding the attack vector or perpetrator were disclosed at this initial stage.
University administrators immediately engaged with national cybersecurity authorities and external IT security experts to contain the incident and initiate recovery procedures. While prioritizing system restoration, the institution simultaneously developed contingency plans to maintain essential academic and administrative operations during the disruption. The university issued a security advisory urging students and staff to immediately change passwords on any external services where they had reused credentials identical to their university digital identity accounts. No ransomware demands or data exfiltration claims were publicly acknowledged in the initial 24-hour response window. The institution maintained limited public communications, stating only that forensic analysis and recovery efforts were ongoing and declining to provide timelines for full service restoration. Teaching activities faced significant logistical challenges due to the loss of centralized authentication systems and digital learning platforms.