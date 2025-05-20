The hackers who attempted to disrupt Eindhoven University of Technology (TU/e) ‘s network in January used accounts that had previously been hacked, with login details available on the dark web. A study conducted by cybersecurity company Fox-IT on behalf of the university revealed this.

It was already known that these accounts had been hacked at some point, and the university had asked the account holders to change their passwords. However, staff reused their old passwords, which were not automatically prevented.

Furthermore, the university did not have multi-factor authentication for the VPN login. This allows users to connect to the network from outside the campus, for example, from home. This was planned for the first half 2025 but had not yet been implemented.

Hacker days in the network

The cyber attack was discovered on the evening of Saturday, 11 January. According to researchers, the attackers had breached the network a few days earlier. On Monday, 6 January, they connected to the VPN system. The hackers attempted to log in with three accounts, one successful.

The research shows that the university has narrowly escaped disaster. The hacker managed to gain extensive access to the network, thereby clearing the way to rummage through the network in search of interesting files. This individual could have effectively ‘held the system hostage’. This means that access would be locked digitally and only released upon payment of a ransom, a so-called ransomware attack.

No ransom paid

Ultimately, it did not come to that, as Eindhoven University of Technology took the network offline that night. Consequently, lectures were cancelled and exams postponed. This occurred when the hacker attempted to disable the backups. Without a backup, a digital hostage situation is much more successful. Ransomware victims often face two options: restore the backup or pay the ransom. In the end, the ransom was not paid.

In the meantime, the university reports that the vulnerabilities in cybersecurity have been addressed. It also states that it will continue to invest in this area. “It remains an arms race in which you can never stand still,” concludes Vice-Chairman Patrick Groothuis.

Who is behind the cyberattack remains unclear. It is likely to be a ransomware group seeking a ransom.

