Cyber Incident Victim: University of Cyprus
Date:
Mar 2023
Location:
Cyprus
Summary
The University of Cyprus successfully thwarted a cyber attack targeting its systems, preventing significant damage after detecting suspicious traffic indicative of unauthorized access to non-critical, outdated infrastructure. IT personnel swiftly isolated the network to protect essential operations, collaborating with the Digital Security Authority to mitigate risks. While critical services such as email, telephony, and cloud resources remained operational, external website access was temporarily disrupted but expected to resume shortly. Preliminary assessments confirmed no major compromise, though officials acknowledged inherent uncertainties in guaranteeing absolute system security. The attack resembled organized campaigns observed against universities and hospitals elsewhere, with potential ransom objectives, though no demands were received in this incident. Internal access and wireless connectivity were restored promptly during containment efforts.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On March 2, 2023, the University of Cyprus experienced an attempted cyber attack during the early morning hours. The University’s IT department detected unauthorized access targeting non-critical systems that had not been recently upgraded, identifying unusual network traffic indicative of a potential breach. According to Christos Charalambous, Head of the University’s IT Infrastructure Service, this “suspicious traffic” posed a risk of malicious disruption. In response, IT personnel immediately isolated the entire University network from external access to prevent further infiltration and protect critical infrastructure. The swift containment action prevented a “worst case scenario,” as confirmed by University Rector Tasos Christofides, who stated no significant damage occurred due to proactive intervention. Initial assessments suggested the attackers failed to compromise core systems, though investigations were ongoing to verify the full scope of the incident.
The containment measures temporarily restricted external access to the University’s website, though internal network functions and wireless connectivity were restored promptly. Key services such as email, telephony, and certain cloud platforms remained operational throughout the incident, avoiding broader disruptions. Charalambous noted collaboration with Cyprus’ Digital Security Authority, whose support proved instrumental in managing the attack. While preliminary checks revealed no immediate evidence of data loss or system damage, he emphasized that absolute certainty in cybersecurity is unattainable, remarking, “A secure system is only a switched-off system.” By the time of reporting, external website access was anticipated to resume within hours, and no ransom demands had been issued to the University. Christofides characterized the incident as part of a pattern of organized attacks targeting universities, particularly in Israel, and hospitals, commonly linked to financial extortion attempts. Restoration efforts continued under heightened vigilance.