Grenoble INP mentions an “intrusion” into its computer servers

[update, December 6, 2022 @ 17:30] “Following an intrusion into the computer servers of Grenoble INP – UGA, the establishment decided to disconnect all of its servers from the network.” This is what the institution's students read in an email signed by its general administrator, Pierre Benech, a copy of which was sent to our editorial staff.

According to him, “the objective of this disconnection is to isolate the information systems from the outside in order to protect the data of students, staff and partners”.

A few days ago, the communication department merely mentioned “anomalies”, adding that there was “nothing dramatic” there. At the time of publication, it has not sent us a new statement and has not returned our last call.

[original article, December 2, 2022 @ 14:15] According to separate sources, “INP Grenoble is currently undergoing a large-scale computer attack resulting in the compromise of many computer accounts”.

A message attributed to the security operations center (SOC) team of Inria's IT department (DSI) uses these terms. It does not seem to have been distributed indiscriminately: it appears intended exclusively for Inria personnel who have been in correspondence “with at least one person from INP Grenoble”. The reason is a concern: “it may be that your account and your computer have been compromised following one of these exchanges”.

Staff who have opened a file from the INP, clicked on a link, used an IT resource, or connected their computer to its network during “these last 5 months” must take preventive action: change their password, but also report to CERT Inria.

From the outside, Grenoble INP – UGA appears largely disconnected from the Internet. Its website, for example, is unresponsive, as is Ense3’s VMware Horizon environment web portal. But not all resources seem affected. Three Zimbra portals, for example, are still responding.

Contacted by our editorial staff, the communication department of Grenoble INP denies any cyberattack. It only mentions “anomalies on our servers” which led to the isolation, or even the shutdown, of many of them. It adds that there is “nothing dramatic” there.

This spokesperson was not able to tell us the nature of the “anomalies”. But for him, they are more than enough to justify the measures taken, even though these may seem significant and raise suspicion of a cyberattack. An external service provider was called upon to investigate these “anomalies”. Its identity was not disclosed to us.

In mid-September, Toulouse INP was hit by a cyberattack involving ransomware. The ransomware family was not specified to us and the attack has not, to date, been claimed. The directory was affected by the encryption, blocking authentication mechanisms to the point of degrading physical access to the buildings.
