Cyber Incident Victim: De La Salle University
Date:
Oct 2023
Location:
Philippines
Summary
De La Salle University experienced a cybersecurity incident affecting its on-premise-hosted applications, though student records and cloud-based systems remained uncompromised. The institution implemented preventive measures including taking network systems offline, restricting use of university-issued devices, and enhancing security protocols for Google Workspace accounts. A third-party cybersecurity firm was engaged to investigate the breach, while some academic activities transitioned to online delivery during system restoration efforts.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
De La Salle University (DLSU) in Manila experienced a cybersecurity incident on October 9, 2023, which disrupted its locally hosted on-premise applications. The university’s initial internal investigation confirmed the compromise of these systems but found no evidence of unauthorized access to student records or cloud-hosted applications. This distinction indicated the attack selectively targeted specific infrastructure components while leaving cloud-based resources unaffected. In response to the breach, DLSU temporarily suspended affected network systems to prevent further unauthorized access and contain potential data exfiltration. The incident necessitated operational adjustments, including the transition of certain classes and lectures to online delivery formats until further notice. University administrators issued a public statement assuring stakeholders of the integrity of academic records and critical cloud services, emphasizing that core educational functions remained secure despite the disruption to local systems.
DLSU implemented multiple containment measures following the attack, including restricting the use of all university-issued computers and laptops to limit potential lateral movement within the network. The institution mandated enhanced security protocols for Google Workspace accounts, requiring additional authentication measures to protect email and collaborative platforms. To investigate the incident’s origin and scope, DLSU engaged Mandiant, a global cybersecurity firm specializing in incident response and forensic analysis. The university maintained offline status for compromised systems during the investigation phase to preserve evidence and prevent reactivation of attacker access points. Restoration efforts focused on gradually bringing network systems back online after implementing security enhancements, though no specific timeline for full recovery was provided. DLSU committed to providing ongoing updates to its community as the investigation progressed and systems were methodically restored, prioritizing operational continuity while maintaining security safeguards against further incidents.