The UCLA Atmospheric and Oceanic Sciences website was affected by a hack that converted websites into cryptocurrency mining platforms, the university confirmed Wednesday.
Troy Mursch, a security researcher, said in his updated blog post Monday that UCLA’s Atmospheric and Oceanic Sciences website was affected by a cryptojacking campaign that targeted vulnerable Drupal websites. About 348 websites were compromised, including that of the U.S. National Labor Relations Board and Lenovo, a technology company.
Drupal is an open-source content management system the UCLA Information Technology Services department uses to build and maintain websites, according to the UCLA IT website. It also allows UCLA-affiliated groups and individuals with no programming or technical experience to create websites.
The cryptojacking campaign injected malicious code into websites running an outdated version of Drupal content management system to infect websites and turn them into platforms to mine cryptocurrency.
In late March, Drupal announced a vulnerability in its operating system that would allow hackers to compromise websites using Drupal’s services. Last month, the company announced there have been attack attempts on certain Drupal websites and advised users to assume their sites have been targeted if they had not been patched by April 11.
UCLA spokesperson Ricardo Vazquez said although the UCLA Atmospheric Sciences website was affected, the university does not have knowledge of any visitors’ computers being affected. He added UCLA patched the site after being notified by Drupal and had removed the code causing the hijacking.
Vazquez said that no sensitive or student data was disclosed and if a user’s computer was affected, they should close their browser and restart their computer.