TU/e hackers had undetected access to the university for days
Fox-IT report on TU/e cyber attack reveals compromised accounts and lack of multi-factor authentication led to a week-long shutdown.
Published on May 19, 2025
Team IO+ selects and features the most important news stories on innovation and technology, carefully curated by our editors.
The Eindhoven University of Technology (TU/e) published the results of a report to investigate the dynamics of the cyber attack it suffered last January. The analysis, conducted by cybersecurity firm Fox-IT, suggests a ransomware group could be behind the attack, which led to a week-long shutdown of university operations. The hacker used compromised accounts found on the dark web, highlighting the need for stronger password policies.
The cyber attack on TU/e, executed between 6 January and 11 January 2025, unfolded under stealth until it was uncovered on the final day. The investigation by Fox-IT revealed that the infiltrator gained access through compromised university accounts previously exposed on the dark web. Alarmingly, despite earlier warnings and instructions to change passwords, the same old credentials were reused by account holders, allowing the hacker substantial leeway into the network. The significant lapse in security highlighted an urgent need for robust password management protocols at TU/e.
Investigation and analysis by Fox-IT
Fox-IT's comprehensive investigation did not pinpoint the hackers' identities but indicated a high likelihood of a ransomware group's involvement. The attackers' strategy aligned with extortion typologies, intending to leverage university data for ransom. This security breach resulted in a full network shutdown, causing a week-long operational halt at TU/e, impacting educational processes and administrative functionalities. Fox-IT's analysis underscored the strategic gaps in TU/e's cybersecurity infrastructure, specifically lacking multi-factor authentication on their VPN system, urging immediate rectification to mitigate future vulnerabilities.
Faced with the cyber crisis, Fox-IT praises TU/e's rapid response mobilizing its crisis management protocols, which were lauded by the COT Institute for Security and Crisis Management. The escalation during the weekend necessitated swift action, and TU/e's response was cited as a model for other institutions. The COT's report applauded the university's resilience and technical adeptness, enabling them to manage the crisis effectively despite adverse timing. Yet, recommendations for documenting crisis procedures highlighted areas for enhancement in future incident handling.
Reflections and future preparedness
Patrick Groothuis, TU/e's vice president, emphasised the university's positive evaluation while recognising the devastating impact the attack had on academic and employment numbers. This incident fostered a commitment to comprehensive improvements in cybersecurity measures. Groothuis acknowledged the constant threat landscape, committing to the COT's recommendations and further investments in cybersecurity infrastructures. The ongoing endeavour to fortify defences reflects TU/e's dedication to safeguarding intellectual assets and operational integrity, recognising cybersecurity as an evolving battleground.
The TU/e has publicly made its investigation reports accessible, inviting other institutions to learn from their experience. This initiative underscores the university's obligation to community sharing and educational enhancement beyond its perimeter walls. By allowing insights into their handling of the cyber crisis, TU/e advocates for a collective elevation of protective measures in the educational sector, offering critical lessons on crisis management and proactive risk mitigation. Such forthrightness aims to bolster collective resilience across academic entities, fostering a unified defensive stance against cyber threats.
