The College of Engineering at Penn State University has cut its connection to the Internet in response to two significant breaches of its systems by hackers, who have, in at least one case, been traced to a group with ties to state-sponsored hackers in China.
The school disclosed the attacks today and said that it had hired Mandiant, the incident response division of the computer security firm FireEye, to help investigate the breach and to recover affected systems.
“In a coordinated and deliberate response by Penn State, the College of Engineering’s computer network has been disconnected from the Internet and a large-scale operation to securely recover all systems is under way,” Nicholas P. Jones, executive vice president and provost at Penn State, said in a statement. The Internet outage is expected to last several days, he said. The school’s website was unavailable this afternoon.
The university was first alerted to the attack by the FBI in November of 2014. At the time, the attack was still in progress and the identity of the attackers was still unknown. Repeating a tactic used when hackers were discovered accessing systems belonging to the New York Times, administrators decided to investigate the attack while it was still under way, and thus leave the attackers unaware that they had been discovered. In the course of the investigation, they learned that the attack had begun as early as 2012.
While it’s unclear exactly what the intent of the hackers was, it doesn’t take much imagination to guess. Penn State is one of the most influential academic research institutions in the U.S. and has ties to several private companies and the U.S. Department of Defense. Typically, the target of China’s state-sponsored hackers has been data that can be useful to Chinese companies, including product designs, results of research and the email of high-ranking executives.
State-sponsored hackers in China have been linked to numerous high-profile attacks against companies and institutions in the U.S., Canada and the U.K. In 2013, Mandiant fingered a unit of the People’s Liberation Army operating out of a nondescript office building in Shanghai as having been responsible for a series of attacks against several companies that were never named, but the timing of which coincided with breaches disclosed by RSA, Intel and Google.
The university said it notified 18,000 students and professors that their personal data, including social security numbers, were stored on one of the systems breached in the attack. Additionally, it has notified 500 partners — including private companies, government agencies and other academic institutions — about the breach.
This article originally appeared on Recode.net.