Cyber Incident Victim: University of Washington

Date: Jan 2017

Location: United States of America

Summary

Chinese hackers targeted multiple universities, including the University of Washington, through spear phishing campaigns impersonating partner institutions to deliver malicious payloads. The attacks focused on institutions conducting underwater technology research or with ties to a major oceanographic organization linked to U.S. naval operations, aiming to compromise maritime military secrets. Security analysts attributed the activity to groups like Temp.Periscope or Leviathan, assessing with high confidence that the intrusions successfully breached targeted systems. While direct Chinese government involvement remains unconfirmed, the campaign's alignment with military objectives led investigators to suspect state sponsorship. The incidents occurred amid broader geopolitical tensions involving technology security concerns between the U.S. and China.

Description

Between 2017 and early 2019, a hacking group linked to China conducted a sustained cyber espionage campaign targeting 27 universities globally, including the University of Washington, Massachusetts Institute of Technology, Penn State, Duke University, and institutions in Canada and Southeast Asia. The attackers employed spear phishing emails crafted to mimic correspondence from partner universities, delivering malicious payloads when opened. Security firm iDefense attributed these attacks to a group alternately identified as Temp.Periscope, Mudcarp, or Leviathan. The campaign specifically focused on universities engaged in underwater technology research or hosting faculty with expertise relevant to maritime military applications. Several targeted institutions maintained affiliations with the United States' largest oceanographic research institute, which itself had connections to the U.S. Navy's warfare center. iDefense expressed high confidence that this central research institute had been successfully compromised during the campaign.

The attacks sought to exfiltrate military secrets, particularly naval research data, by exploiting the comparatively weaker cybersecurity defenses common in academic environments relative to military contractors. While the exact scope of data compromised at the University of Washington was not publicly disclosed, the pattern of targeting indicated interest in its maritime research capabilities. Analysts assessed that the Chinese government likely sponsored the group due to the consistent focus on U.S. military-related intellectual property. This campaign formed part of a broader pattern of Chinese cyber operations against Western defense interests, including a separate 2018 breach of a U.S. Navy contractor attributed to the same actors. The revelations emerged during heightened U.S.-China trade tensions and security concerns regarding Chinese technology firms, amplifying diplomatic strains between the two nations. No specific institutional responses from the University of Washington were detailed in public reporting.
