Cyber Incident Victim: University of Hawaii
Date:
Jan 2017
Location:
United States of America
Summary
Chinese hackers targeted the University of Hawaii and other academic institutions globally through spear phishing campaigns impersonating partner universities, aiming to compromise maritime military research. The attacks focused on universities conducting underwater technology studies or with faculty linked to a major US oceanographic research institute affiliated with naval operations. While the group's direct ties to the Chinese government remain unconfirmed, analysts assessed state sponsorship as likely due to the targeting of military-related data. The campaign, attributed to actors known as Temp.Periscope or Mudcarp, formed part of broader cyber espionage efforts against entities holding sensitive defense information.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 2 actors | Available to members | Available to members |
Description
Between 2017 and early 2019, a Chinese state-sponsored hacking group known as Temp.Periscope, Mudcarp, or Leviathan conducted a sustained cyber espionage campaign targeting at least 27 universities globally, including prominent U.S. institutions such as MIT, the University of Washington, Penn State, and Duke University. The attackers focused on universities engaged in maritime technology research or those with faculty possessing expertise in underwater systems, particularly institutions affiliated with the United States’ largest oceanographic research organization—an entity closely linked to the U.S. Naval Warfare Center. The group employed spear phishing emails meticulously crafted to impersonate legitimate communications from partner universities, containing malicious attachments or links designed to deploy payloads when opened. This tactic exploited the relatively open nature of academic networks compared to hardened military-industrial targets, leveraging universities as conduits to access sensitive naval research data.
The campaign successfully compromised multiple targets, with cybersecurity firm iDefense expressing high confidence that the primary oceanographic research institute tied to the U.S. Navy had been breached. While the full scope of exfiltrated data remains undisclosed, the targeting pattern indicated a strategic interest in underwater warfare capabilities, submarine technology, and related military secrets. The attacks coincided with escalating U.S.-China trade tensions and U.S. intelligence warnings about Chinese intellectual property theft, though no direct public attribution to Chinese government entities was confirmed. Investigations by iDefense and partner organizations remained ongoing as of March 2019, with many victim institutions unnamed due to operational sensitivities. The incident highlighted persistent threats to academic research infrastructure and its role in national defense ecosystems, occurring alongside separate Chinese cyber operations against U.S. Navy contractors in preceding years.