Cyber Incident Victim: Massachusetts Institute of Technology
Date: Jan 2017
Location: United States of America
Summary
Chinese state-sponsored hackers targeted the Massachusetts Institute of Technology and other global universities through spear phishing campaigns impersonating partner institutions, aiming to steal maritime military research tied to naval applications. The attacks exploited academic institutions' relatively weaker cybersecurity compared to military contractors, successfully compromising a major US oceanographic research organization linked to naval operations. Security analysts attributed the activity to groups like Temp.Periscope, citing the focus on militarily relevant underwater technology and prior similar breaches of defense contractors.
Description
Between 2017 and early 2019, a hacking group known by various names including Temp.Periscope, Mudcarp, and Leviathan conducted a sustained cyber espionage campaign targeting 27 universities globally, with a significant focus on institutions in the United States. The Massachusetts Institute of Technology (MIT) was among the confirmed targets, alongside the University of Washington, Penn State, Duke University, and institutions in Canada and Southeast Asia. Attackers employed spear phishing emails crafted to mimic correspondence from partner universities, delivering malicious payloads when opened. The campaign specifically sought access to maritime military research, prioritizing universities engaged in underwater technology studies or employing faculty with relevant expertise. Many targeted institutions maintained affiliations with the United States' largest oceanographic research institute, which itself had direct ties to the U.S. Navy's warfare center. Cybersecurity firm iDefense, which documented the activity, expressed high confidence that this naval-affiliated research institute had been successfully breached during the campaign.

The attacks represented a strategic shift toward exploiting academic institutions perceived as softer targets compared to hardened military contractors, yet still possessing valuable military-linked research data. iDefense analysts assessed the Chinese government as a likely sponsor of the group, citing the consistent focus on exfiltrating U.S. military secrets, though no definitive attribution evidence was publicly disclosed. The campaign's timeline overlapped with heightened diplomatic tensions between the U.S. and China, including security concerns surrounding Chinese tech firms Huawei and ZTE and ongoing trade disputes marked by reciprocal tariffs. These incidents reinforced warnings from U.S. intelligence agencies regarding persistent Chinese cyber threats targeting defense-related intellectual property. The Wall Street Journal reported on the breaches in March 2019, though several universities remained unnamed due to ongoing investigations at the time of publication. The same hacking group was previously implicated in the June 2018 compromise of a U.S. Navy contractor, indicating a prolonged focus on maritime military technology.
