FunkSec Hacking Group Claims Breach of UNIMORE University’s Systems

• Italian UNIMORE Univeristy is reportedly the latest victim of the FunkSec threat actor.
• The recently emerged ransomware group gave a deadline for the ransom to be paid.
• Once they leak the allegedly exfiltrated data, they plan to deploy a DDoS attack on UNIMORE.

The FunkSec hacking group has claimed responsibility for a significant security breach targeting UNIMORE - Università degli Studi di Modena e Reggio Emilia. They reportedly exfiltrated critical internal data, according to a statement allegedly posted by the cybercriminals.  

FunkSec claims to have extracted approximately 1,000 files from UNIMORE's intranet systems. The stolen data includes a variety of sensitive and potentially damaging information, such as:

• Files related to the U-Gov project
• Financial transactions and internal documentation  
• Confidential plans  
• PDFs, DOCs, and XLSX files
• Internal messages and Gmail data, the latter reportedly containing phone numbers 

The presence of U-Gov project data could pose significant implications, as this integrated platform handles administrative processes like human resources, finance, and planning in educational institutions. The exposure of this information may impact the university's operational transparency and security.  

To compound the situation, FunkSec has issued a ransom demand, giving UNIMORE a deadline of March 20, 2025, to meet their undisclosed monetary terms. 

The threat actor announced its intent to conduct a Distributed Denial of Service (DDoS) attack on UNIMORE after they leak the stolen data. 

There is no confirmation on whether the university plans to cooperate or involve law enforcement authorities such as Europol or Italy's Cybersecurity Agency. UNIMORE has yet to release an official statement addressing the breach or detailing its response.  

FunkSec has quickly risen to prominence since its debut in late 2024 due to its aggressive operations and innovative use of tools in malware development, which employ the help of artificial intelligence (AI). Yet, they are seen as inexperienced.

Ransomware attacks on education sector targets this year include the Rhysida-claimed Pembina Trails School Division cyberattack and the University of Oklahoma one attributed to the Fog ransomware group.