Credential Harvesting at College

The cyber division of the Federal Bureau of Investigation (FBI) has published a notification warning US colleges and universities that education credentials have been marketed for sale on the Dark Web and on online legal marketplaces and sites. The warning tells universities, colleges, and higher education institutions that credentials have been advertised for sale on Dark Web criminal marketplaces. This exposure of sensitive credential and network access information, especially for privileged user accounts, could lead to subsequent cyberattacks against individual users or affiliated organizations. Cyber actors continue to conduct attacks against US colleges and universities, leading to the exposure of user information on public and cybercriminal forums.

Credential harvesting against an organization is often a result of spear-phishing, ransomware, or other cyber intrusion tactics. According to investigators, the credentials were discovered in January 2022 for sale on a Russian cybercrime forum.  The credentials pertained to several American universities and colleges across the country.  Prices ranged from a few dollars to multiple thousands.  The same document suggested that in May 2021, over 36,000 email and password combinations (some of which may have been duplicates) for email accounts ending in .edu were found on a publicly available instant messaging platform.

The report also explains that the exposure of such sensitive credential and network access information is very detrimental to the institutions, as it could lead to cyberattacks against individual users or affiliated organizations.

Higher education institutions should be alert to this current threat, change passwords, and be diligent with security measures such as two-factor authentication. Attackers could attempt to breach credit cards or gain access to other personally identifiable information, submit fraudulent transactions on behalf of the institution, carry out other criminal activity, or launch subsequent attacks.

Credentials were obtained via spear-phishing, ransomware, or cyber intrusion tactics.  To mitigate these threats, authorities are calling for colleges, universities, and all academic entities to establish and maintain strong relationships with cyber professionals and local, state and federal law enforcement. 

To help identify potential vulnerabilities and mitigate threats, the report recommends that all academic institutions establish and maintain “strong liaison relationships with the FBI Field Office in their region.”  Additionally,  all higher education institutions should, if necessary, review their incident response and communication strategies in case of a cyber incident.[1]

Law enforcement recommends mitigation strategies aimed at reducing the risk of compromise, such as:

  • Keeping all systems up-to-date
  • Implementing cybersecurity training
  • Requiring strong passwords
  • Utilizing multi-factor authentication (MFA)
  • Using anomaly detection tools
  • Enforcing the principle of least privilege


Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com

Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings

