Cyber Incident Victim: University of Cambridge
Date:
Feb 2024
Location:
United Kingdom
Summary
The University of Cambridge experienced a cyberattack involving a Distributed Denial of Service (DDoS) incident targeting its internet services alongside multiple UK higher education institutions using the Janet Network. The attack disrupted access to critical IT systems including CamSIS and Moodle, with the hacker group Anonymous Sudan claiming responsibility and citing motivations related to UK foreign policy in Gaza and Yemen. While services were restored with residual delays possible, the institution resolved the incident and advised affected users to contact support channels for ongoing issues.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On February 20, 2024, the University of Cambridge experienced a cyberattack disrupting internet services and IT systems across multiple UK higher education institutions. The incident was identified as a Distributed Denial of Service (DDoS) attack, characterized by a deliberate flood of data originating from a large network of compromised machines. This attack impacted critical university platforms including CamSIS, used for student administration, and Moodle, the virtual learning environment, limiting student access to academic resources. Multiple universities sharing the Janet Network—a national research and education data-sharing infrastructure—were simultaneously targeted. The hacker group Anonymous Sudan claimed responsibility for the attack through a Telegram channel, citing the UK government’s support for Israel and military actions in Gaza and Yemen as motivation. The incident coincided with ongoing recovery efforts for the University Library’s electronic legal deposit systems, which had been compromised during an unrelated October 2023 cyberattack on the British Library.
University Information Services (UIS) confirmed the attack’s resolution following mitigation efforts, restoring normal operations for centrally managed IT services. Intermittent network access issues subsided, though residual problems such as email delivery delays persisted in the immediate aftermath. UIS directed affected users to contact its Service Desk for unresolved access problems and advised monitoring service status updates via its dedicated status webpage, which also offered subscription options for email or SMS alerts. The university spokesperson emphasized continuous monitoring to ensure sustained service stability. No data breaches or unauthorized access to internal systems were reported, with the disruption confined primarily to service availability. The coordinated nature of the attack across Janet Network institutions highlighted broader vulnerabilities in shared academic infrastructure under high-volume DDoS conditions.