Cyber Incident Victim: University of Basel

In early October 2020, threat actors conducted a financial theft campaign targeting multiple Swiss universities, including the University of Basel. The attackers employed spear-phishing techniques against university employees to harvest their login credentials. After successfully compromising these credentials, the hackers infiltrated university systems responsible for processing salary payments. They specifically manipulated payment instructions by altering beneficiary bank account details to divert funds to accounts under their control. The Basel public prosecutor's office confirmed the unauthorized system access and fraudulent transaction modifications at affected institutions. While the University of Basel suffered financial losses, the University of Zurich successfully identified and neutralized similar phishing attempts before any funds were stolen.

The attack resulted in the theft of a six-figure sum from compromised universities, with stolen funds rapidly transferred to foreign bank accounts. Swissuniversities, the national higher education umbrella organization, issued warnings to member institutions following the discovery of the breaches. Martina Weiss, Secretary General of the Rectors' Conference, publicly acknowledged multiple universities were impacted. The incident prompted heightened vigilance across Swiss academic institutions regarding financial transaction processes. No technical details about the compromised systems or specific forensic findings were disclosed publicly beyond the confirmation of phishing-based initial access and subsequent payment redirection. The Basel prosecutor's investigation remained active at the time of reporting, focusing on the international movement of misappropriated funds.