A threat actor has allegedly compromised the cloud server of HTW Dresden (University of Applied Sciences for Technology and Economics Dresden), claiming to have exfiltrated 90GB of sensitive data from the university’s Faculty of Informatics.
The claim was made on a dark web forum, where the actor is purportedly offering full and exclusive access to the stolen information in exchange for cryptocurrency payments.
According to the post, the data set consists of 39 compressed ZIP archives containing a variety of academic and research materials, including specialized course materials, research project data, and field reports. The actor claims that the stolen files include:
- Advanced Robotics coursework, such as SLAM and environmental mapping data.
- ERP System training materials, including SAP R/3 modules for Finance (FI), Controlling (CO), and Material Management (MM).
- Research lab data and project files, supposedly containing practical engineering and production management information.
- Group research data, which allegedly includes field reports, travel logs, and potentially personally identifiable information (PII).
The post further asserts that this dataset could be of interest to engineers, researchers, and intelligence operatives, hinting at potential cybersecurity and privacy concerns. The claimed pricing for the dataset starts at $5,000, with payment to be made in Bitcoin or Monero.
