Cyber Incident Victim: Pennsylvania State University
Date: Jan 2017
Location: United States of America
Summary
Pennsylvania State University was among multiple academic institutions targeted in a sustained cyber espionage campaign employing spear phishing emails disguised as communications from partner universities. The attacks, linked to groups such as Temp.Periscope and Leviathan, sought to compromise maritime military research, particularly focusing on institutions with expertise in underwater technology or affiliations with U.S. naval research programs. Analysts assessed the operation as likely state-sponsored due to its alignment with Chinese strategic interests in military-related intellectual property. The campaign exploited universities' perceived vulnerabilities compared to direct military contractors, aiming to exfiltrate sensitive data tied to naval applications. This activity coincided with heightened geopolitical tensions involving technology security concerns and trade disputes between the U.S. and China.
Description
Between 2017 and early 2019, Pennsylvania State University was among 27 universities globally targeted by a Chinese cyberespionage group known by various aliases, including Temp.Periscope, Mudcarp, and Leviathan. The attackers employed spear phishing emails crafted to mimic correspondence from partner institutions, containing malicious payloads designed to compromise systems upon opening. This campaign specifically focused on universities conducting maritime technology research or hosting faculty with expertise in underwater systems, many of which maintained affiliations with a major US oceanographic research institute linked to the US Navy's warfare capabilities. While the full list of targeted schools was not publicly disclosed due to ongoing investigations, anonymous sources confirmed Penn State and Duke University were among the US institutions breached. The attackers sought military-related research data, exploiting universities as softer targets compared to direct military contractors while still accessing valuable defense information.

The operation formed part of sustained cyber intrusions dating back to at least 2017, with security firm iDefense reporting high confidence that the affiliated oceanographic institute had been successfully compromised. Analysts assessed the Chinese government as the likely sponsor due to the consistent focus on extracting US naval military secrets, mirroring tactics used in a separate 2018 breach of a Navy contractor. These attacks occurred against a backdrop of escalating US-China trade tensions, including tariffs and security concerns regarding Chinese technology firms Huawei and ZTE. The timing amplified diplomatic strains, with US intelligence agencies citing such incidents as validation of persistent cyber threats originating from China. No specific remediation actions by Penn State were detailed in public reporting, though the campaign highlighted systemic vulnerabilities in academic institutions housing sensitive defense research.
