Cyber Incident Victim: Institute of Space Technology
Date: Mar 2023
Location: Pakistan
Summary
A ransomware attack by the Medusa group targeted the Institute of Space Technology, compromising sensitive personal data including passports, payslips, and institutional records of students and staff. The attackers demanded a $500,000 ransom for an encryption key and threatened to release the stolen data on the dark web, offering to extend the deadline by one day for an additional $10,000. No official response had been issued by the institution at the time of reporting.
Description
On or around March 1, 2023, the Institute of Space Technology (IST), a public university in Islamabad, suffered a ransomware attack executed by the hacking group Medusa. The attackers infiltrated the university’s systems, stealing substantial volumes of sensitive personal data belonging to students and faculty. Following the breach, Medusa publicly claimed responsibility and uploaded photographic evidence confirming possession of the compromised records, including passports, payslip documents, and unspecified analysis details. The group issued a direct ransom demand of $500,000 for an encryption key to restore the university’s access to its data, threatening to release the stolen information on the dark web if payment was not made within nine days. Additionally, Medusa offered the option to extend the deadline by one day for an extra $10,000, indicating a structured escalation in their extortion tactics. At the time of the initial reports, approximately two of the stipulated nine days had elapsed, with no public statement or decision disclosed by IST regarding compliance or negotiation.

The confirmed impact of the attack centered on the exposure of highly sensitive personal and financial records, creating immediate risks of identity theft and fraud for affected individuals. The publication of document samples by the threat actors publicly demonstrated the severity of the breach and heightened pressure on the institution. Operational disruptions to IST’s systems were implied by the ransomware’s encryption mechanism, though specifics regarding affected IT infrastructure or academic operations were not detailed in available sources. The university’s lack of a public response within the initial two-day window following the attackers’ announcement suggested unresolved internal deliberations or incident response activities regarding communication protocols and decision-making processes. The incident underscored escalating ransomware threats targeting educational institutions, emphasizing their vulnerability to financially motivated cyber operations seeking large-scale data exfiltration and extortion.
