UNAM Confirms Cyberattack Amidst Increased Targeting of Educational Institutions
The Universidad Nacional Autónoma de México (UNAM) has reported a cyberattack affecting five of its IT systems, detected and contained during the winter vacation period. The institution activated its security protocols promptly, confirming that no data was extracted in the aftermath of the incident.
This rapid response, managed by the General Directorate of Computing and Information and Communication Technologies (DGTIC), was crucial to mitigating potential damage. By isolating affected systems, the university was able to prevent the intrusion from spreading to its central infrastructure. The institutional protocols included disabling the compromised systems, underscoring a proactive approach to information security incidents.
With UNAM operating a network of over 100,000 information systems, the compartmentalization strategy proved effective, ensuring that more than 99.99% of its infrastructure remained secure and operational. The university’s official statement highlighted this outcome, reaffirming the integrity of its data-holding systems.
The incident highlights a growing trend where educational institutions face increased threats from cybercriminals. Reports indicate ongoing investigations into multiple attempts to breach UNAM’s digital defenses dating back to March 2024, further emphasizing the importance of robust cybersecurity practices in safeguarding sensitive personal data and intellectual property housed within academic environments.
Regarding data integrity, the General Directorate of Social Communication (DGCS) noted that there were no signs of information extraction from the systems containing student and staff data. This response directly addresses rumors of potential breaches linked to specific databases, such as those from the Chemistry Faculty, in alignment with initial findings from digital forensic analysis conducted by the DGTIC.
In the wake of the containment measures, UNAM is collaborating with local and federal cybersecurity authorities. This coordinated effort encompasses legal actions and cooperation with digital intelligence units to trace the source and methodology of the cyber intrusion. This incident follows a series of recent attacks on governmental and autonomous entities in Mexico, echoing concerns raised by breaches at the Supreme Court of Justice and the Tax Administration Service.
In 2024 alone, the education sector in Mexico reported a staggering 22% increase in attempted cyberattacks, averaging over 3,500 events weekly per institution. Previous incidents, such as the data leak involving schools like CBTis 76 and CETis 44—linked to a cybercriminal identified as “marssepe” in online forums—illustrate the severe ramifications of direct access to sensitive databases.
While the Ministry of Public Education (SEP) allocated MX$246 million (approximately US$13.6 million) for cybersecurity measures in 2024, the lack of standardized response plans across various administrative levels creates significant vulnerabilities. The developments following the UNAM incident reaffirm the necessity for regular audits and the updating of regulatory frameworks concerning data protection within the Mexican academic sector.
In examining this cyberattack through the lens of the MITRE ATT&CK framework, tactics such as initial access may have played a role, potentially leveraging exploitation of vulnerabilities to gain system entry. Persistence and privilege escalation techniques could also have been implicated, highlighting the need for continual vigilance and advanced security protocols as educational institutions navigate an increasingly perilous digital landscape.