Cyber Incident Victim: Niigata University
Date: Apr 2023
Location: Japan
Summary
An email server at Niigata University was compromised via unauthorized access, resulting in two accounts being taken over. Through these accounts, approximately 1.51 million spam emails were sent from the institution's core mail server over a several-day period. The university halted the affected server and reset account passwords. It confirmed no data breach occurred as a result of the incident and no further harm has been reported.
Description
On or around April 13, 2023, Niigata University experienced a significant cybersecurity incident involving unauthorized access to its email systems. The university, which publicly disclosed the event on June 22, 2023, reported that one of the departmental mail servers under its management was compromised by an unauthorized third party. This breach resulted in the attacker taking over two email accounts. The illicit activity commenced on Thursday, April 13, at approximately 10:00 PM Japan Standard Time.

The attacker utilized the compromised email accounts to send a massive volume of spam messages. This malicious email campaign was conducted through the university's core mail server infrastructure, effectively using the institution's legitimate email systems to distribute the unwanted messages. The activity persisted for several days, continuing until Monday, April 17, at around 2:30 PM. During this timeframe, the attacker successfully generated and sent approximately 1.51 million spam emails. The scale of the operation was significant, leveraging the university's trusted domain and server resources to bypass typical email security filters that might otherwise block messages from known malicious sources.
The incident was detected by the university's administration at some point after the malicious activity had concluded. Upon discovery of the security breach, Niigata University immediately initiated a response. The primary containment action involved taking the compromised departmental mail server completely offline, ceasing all its operations to prevent any further unauthorized access or email transmissions. The university also enforced password changes for the affected accounts to revoke the attacker's access and secure the accounts against future misuse. These actions were critical first steps in containing the incident and securing the affected systems.
An investigation was conducted to assess the full scope and impact of the breach. The university confirmed that the incident was limited to the abuse of the email system for spam distribution. A thorough review found no evidence that any personal information or other sensitive data was exfiltrated from university systems as a result of this attack. The university stated that it had confirmed no information leakage occurred. Furthermore, at the time of the public announcement in June, no secondary victims or damages stemming from the spam emails had been reported to the institution.
The primary impact of the incident was the operational abuse of the university's email infrastructure and the resulting reputational damage associated with being the source of a large-scale spam campaign. The university issued a public apology to individuals who received the spam messages, acknowledging the inconvenience and discomfort the unwanted emails may have caused. While no data breach occurred, the event represented a serious failure in the security posture of the affected systems.
In its official statement, Niigata University stated that it was treating the matter with grave seriousness. The institution committed to strengthening its cybersecurity measures to prevent a recurrence. Announced response actions included reinforcing strict management practices for email accounts, with a specific emphasis on enforcing strong password policies. The university also pledged to enhance information security awareness education and training for its entire staff and student body, aiming to foster a culture of heightened vigilance across the organization. The DX Promotion Agency Information Infrastructure Center within the university was designated as the official contact point for any inquiries related to the incident.
