Cyber Incident Victim: 東海大学
Date:
Apr 2025
Location:
Japan
Summary
東海大学 announced that its network servers had been subjected to unauthorized access and infected with ransomware, causing email and educational systems to become unavailable at the Shizuoka campus and other locations. The infection affected ten affiliated institutions and campuses, leading to the suspension of some classes. University officials established a response headquarters at the Shonan campus, isolated the compromised servers, and began recovery work while police cyber investigators examined the Shizuoka campus. The network link between the Shizuoka and Shonan campuses was severed to prevent further spread, and the presence of the virus on other systems remained under verification. Electronic bulletin boards were installed on campus to inform students, and staff were occupied with the response efforts.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On April 17, 2025, Tokai University noticed that some of its websites were not displaying correctly; investigation revealed that extensions of certain content files had been altered. On April 18, the university announced that its internal network servers had suffered unauthorized access and had been infected with ransomware. At 6:00 p.m. that day, the Shizuoka campus and other internal locations found that email and educational systems were unavailable.
The disruption affected ten institutions and campuses within the university system, with some classes being suspended as a result. At the Shizuoka campus around noon on April 18, officers from the prefectural police cyber division arrived to begin an investigation. The university reported that the network link between the Shonan campus and the affected segment had already been severed to prevent further spread. While the presence of the virus was still being verified.
In response, the university established a countermeasure headquarters at its Shonan campus in Kanagawa Prefecture, where it isolated the compromised server and continued recovery operations. To keep the campus community informed, electronic bulletin boards were installed on site to explain the situation to students, and staff were occupied with managing the incident. Recovery work was ongoing at the time of the report.