Cyber Incident Victim: Heriot-Watt University
Date: Mar 2022
Location: United Kingdom
Summary
Heriot-Watt University experienced a disruptive cyber attack causing a prolonged IT outage affecting critical systems and services. The incident compromised on-premises infrastructure, rendering VPN access, finance systems, staff shared resources, and internal directories unavailable for over a week. The university confirmed the event as a malicious security breach after initially describing it as an unspecified incident, with recovery efforts extending beyond initial disruptions.
Description
Heriot-Watt University in Edinburgh experienced a significant cyber attack beginning on or around March 8, 2022, leading to a prolonged IT outage that persisted for at least two weeks. The university's IT team initially described the event as a "security incident" before a spokesperson confirmed to media outlets that it was a deliberate cyber attack. Critical on-premises infrastructure systems were compromised, resulting in widespread service disruptions across the university's operations. The VPN service became inaccessible, severing remote access capabilities for staff and students. The Oracle R12 Finance System, essential for financial operations, was rendered inoperable. Shared network drives designated for staff collaboration also went offline, hindering administrative workflows and resource sharing.

By March 24, 2022, core directory services containing staff and student contact information remained unavailable, indicating persistent compromise of foundational identity management systems. The university did not disclose the attack vector or identity of the threat actors. No restoration timeline or specific containment measures were publicly detailed during the initial two-week outage period. The incident caused operational paralysis affecting academic, administrative, and financial functions university-wide. The duration of the disruption suggested extensive damage to infrastructure requiring complex recovery efforts.
