As one of the oldest and most prestigious institutions in the world, this university is also among the top-ranked in the nation for advanced medical research. It has been behind a number of important medical and public health innovations, including the introduction of widely known vaccines and work at the cutting edge of transplant surgery. As such, the data and intellectual property produced by its research are extremely valuable, especially to nation-state hackers wishing to steal research to advance their own country's programs.

A Problem Hidden In Private Hacker Chatter

Night Lion Security's threat intelligence team was monitoring the private communications of a well-known hacking group when its members began discussing compromises originating from Amazon AWS S3 buckets.

One of the hackers mentioned discovering AWS credentials belonging to a university after hacking the personal GitHub account of one of its developers. Many young and inexperienced hackers seek fame and attention, and this case was no different: the hacker reached out to his friends to brag about his findings and to ask for assistance in decoding and stealing the "large amount of data".

If stolen, the data would have represented an enormous breach of confidential medical records and intellectual property. A leak of this size could easily have destroyed the entire research program.

The Solution

After intercepting the message, Night Lion's counterintelligence team contacted the CISO at the university to inform them of the situation and of the hacker's active plans to exfiltrate data from the compromised AWS buckets. The information was quickly confirmed by the university's security and incident response teams. The developer's account was shut down, all AWS connections were severed, and all related credentials were immediately invalidated. The hackers were blocked from taking action before any data was stolen or even improperly accessed.