Cyber Incident Victim: Netherlands

Date: Jan 2025

Location: Netherlands

Summary

A cyberattack targeting the Technical University Eindhoven prompted the institution to proactively shut down all systems to contain the incident, causing significant disruption to education and research activities. Concurrently, multiple educational institutions in the southern Netherlands and beyond experienced DDoS attacks that overloaded their network infrastructure. Investigations by SURF and the National Cyber Security Centre are ongoing to determine potential links between these incidents, with no evidence of data theft or encryption found at the university. TU/e announced plans for an external evaluation of its crisis response, while sector-wide coordination facilitated information sharing and mitigation measures to maintain operational continuity across affected institutions.

Description

On Saturday evening, January 11, 2025, the Technical University of Eindhoven (TU/e) detected suspicious activity on its network, prompting immediate preventive measures. By that same evening, the university decided to take all systems offline due to the initially assessed scale and impact of the cyberattack. This shutdown severely disrupted academic operations, forcing cancellation of classes starting Monday, January 13, and postponement of examinations. The university communicated the disruption to students, researchers, and staff on Sunday, January 12, while simultaneously initiating an investigation into the compromised infrastructure with police involvement. TU/e maintained control over its systems throughout the incident and found no evidence of data encryption or theft. Restoration proceeded cautiously, prioritizing education and examination systems first, with full academic operations resuming after a week-long suspension. The university extended its academic calendar by one week to mitigate student impacts, coordinating this decision with faculty directors, examination boards, and employee representatives.

Between Wednesday, January 15, and Friday, January 17, multiple educational institutions in the southern Netherlands and later other regions experienced ICT disruptions from large-scale DDoS attacks that overloaded the SURF network. SURF, the Computer Emergency Response Team for education, implemented curative and preventive mitigation measures in collaboration with the National Cyber Security Centre (NCSC). Each attack ceased after several hours, though investigations into potential links to the TU/e incident remain ongoing. SURF filed a police report regarding these attacks. Throughout both incidents, sector-wide protocols facilitated information sharing among institutions via existing cybersecurity networks, with SURF and the Education Inspectorate monitoring TU/e’s continuity measures. TU/e announced plans for an external evaluation of its crisis response to share lessons learned across the education sector.
