FBI: VPN credentials of US universities are being sold on Russian cybercrime forums


Stolen login credentials to university networks and servers can be used to distribute extortionate software, conduct targeted phishing campaigns, cryptojacking or espionage. Even credential substitution attacks become a serious problem when it comes to tens of thousands of stolen passwords.

According to a new FBI report, attackers are stealing login credentials to the networks of American colleges and universities. The stolen data is then sold to cybercriminal groups or used for credential substitution attacks.

In 2017, the agency discovered that hackers were cloning university login pages and inserting a link to a credential collector into phishing emails. The collected credentials were then sent to the attackers via an automated email from their servers. According to experts, the collection of credentials may be the result of other cyber attacks.

Earlier this year, several US universities’ VPN access credentials were put up for sale on Russian cybercrime forums. Prices for them reached several thousand dollars.

Last year, there were more than 36,000 email addresses using a top-level domain.edu, and their associated passwords were discovered on a public instant messaging platform. And a year before that, the FBI discovered about 2,000 pairs of credentials posted on the darknet, for which the seller demanded payment to his bitcoin wallet.

Start a discussion …