On Thursday, April 20. MSU was a target of a large-scale cyberattack interrupting network services for over a week.
In a statement to the Exponent on April 25, MSU spokesperson Mike Becker said, “The university immediately took steps to secure its network and began investigation with the assistance of third-party cybersecurity specialists.”
The third-party specialists include the Federal Bureau of Investigation (FBI) in Salt Lake City, Utah. The Exponent reached out to the FBI for more information. Sandra Barker, an FBI Public Affairs Specialist for the Salt Lake City office, confirmed the organization’s assistance but was not able to comment further, she said.
“This investigation is ongoing,” Becker said. “Services began to return in the days after the attack was detected, with many systems returning to normal operation prior to classes Monday morning. Work continues to bring the rest of our services back to normal as quickly
as possible.”
Over the course of the week, students, faculty and members of the Gallatin Community were connected through email and phone calls to receive updates about the ongoing attempt to restore the MSU network.
Thursday, April 20 was when the first message from University Communications (UC) was released. This message alerted students and faculty that the university was having network issues but did not yet include information about a cyber attack.
Shortly after, on the same day, students and faculty received an email titled “URGENT: Campus networks shutting down, offices remain open, in-person classes continue.” This email warned that MSU had been a victim of a cyberattack and that “MSU networking and internet would be shut down in an effort to contain the attack.” Later in the day, a message was sent out via MSU Alert that informed users that University Information Technology (UIT) experts and law enforcement agencies were working to restore services to campus.
On April 21, another MSU Alert was sent out stating that UIT and law enforcement agencies, working alongside Microsoft, had restored services to D2L and MyInfo, but that networks on campus were still unavailable. Later in the day, another MSU Alert was sent out stating that MSU was moving into the identification and remediation phase of the recovery, establishing multiple new domain controllers to try and prevent reinfection.
A fourth MSU Alert was sent out on April 22 informing campus that UIT staff were working around the clock to restore systems. On April 23, another MSU Alert was sent out stating that it was safe for users to reconnect their devices to the Wi-Fi networks on campus.
The next email was received Tuesday, April 25, updating students on UIT’s progress and telling students that the office had been able to achieve some milestones in restoring network services ahead of schedule.
On Thursday, April 27, UC sent out an email that encouraged students to reset their NetID passwords. “All students, faculty and staff should go to the Self-Service NetID Password Portal at http://password.montana.edu and follow the link to "Go to the password portal." There, please follow the instructions to reset your NetID password. If you are using a device connected to MSU-Secure, you may need to connect to MSU-Guest temporarily in order to reach the password portal,” the statement read.
Another email from UC was sent on Friday, April 28. It stated again that UIT has requested students change their NetID passwords. “Please note, any passwords that have not been changed by the end of the day will be reset automatically,” it read.
Most recently, an email was sent out on May 2 from UC explaining that UIT has restored over 117 servers associated with campus services over the past three days, and that work continues to restore full file server operations.
For students and faculty wondering about the status of MSU services, visit
https://www.montana.edu/communications/april2023cyberincident. To view the page, you will need to log in with your NetID.