Cyber Incident Victim: University of Oxford
Date: Feb 2021
Location: United Kingdom
Summary
Hackers breached biochemical systems at a University of Oxford laboratory involved in COVID-19 research, compromising equipment used to prepare biochemical samples, including those for coronavirus studies. The attackers accessed purification systems and demonstrated the ability to disable pressure alarms, raising concerns about potential data theft or research sabotage. While no clinical research or patient data was affected, the incident endangered intellectual property and vaccine-related work, prompting engagement with national cybersecurity authorities. The intrusion was linked to financially motivated actors reportedly selling stolen data, with connections to prior attacks on academic institutions using ransomware.
Description
In February 2021, hackers breached systems within the University of Oxford’s Division of Structural Biology (Strubi), a laboratory engaged in COVID-19 research. The intrusion was detected after hackers displayed access to multiple systems, including biochemical sample preparation equipment used for purifying proteins in coronavirus-related studies. Timestamps from compromised Windows-based lab equipment interfaces indicated unauthorized activity occurred between February 13 and 14, 2021. Oxford University confirmed the incident on February 25, 2021, following disclosures by Forbes, and stated it had isolated affected systems. The university initiated an investigation and notified the UK’s National Cyber Security Centre (NCSC), a branch of GCHQ, as well as the Information Commissioner’s Office. Officials emphasized no clinical research or patient data was compromised, and patient confidentiality remained unaffected.

The attackers accessed machinery controlling biochemical purification processes, with demonstrated ability to disable pressure alarms, raising concerns about potential sabotage of research workflows. Security experts identified risks to intellectual property, including coronavirus vaccine research data, though the university clarified Strubi’s work was not directly linked to the Oxford-AstraZeneca vaccine. Forensic analysis suggested the hackers, reportedly Portuguese-speaking and previously active against Brazilian universities using ransomware, sought financial gain through data theft. The lab’s association with prominent researchers like Sir David Stuart, involved in vaccine development, heightened concerns about targeted exploitation of pandemic-related research. Interpol had previously warned of organized crime groups targeting COVID-19 research institutions, positioning this breach as a potential first confirmed cyberattack against a vaccine research facility. Oxford’s containment efforts and collaboration with national agencies concluded the immediate response phase, with no public disclosure of specific data exfiltrated or long-term operational disruptions.
