On April 13, Western New Mexico University's website and digital system were cyberattacked, leading to a two-week disruption in web-based services, including Canvas, the WNMU website, and the University's email system.
In the following weeks, news sources including Searchlight New Mexico and Source New Mexico began reporting that a group of foreign hackers, who identified themselves as “Qilin” in messages displayed on University computers, had taken WNMU’s web services hostage, crippling the University’s ability to process payroll, internet access on campus and jeopardizing sensitive employee information.
As of May 16, WNMU’s website is accessible to the public again and includes a message from the University about the event.
“On Sunday, April 13, 2025, Western New Mexico University detected unusual activity in its IT environment. WNMU promptly initiated its incident response plan and implemented protective protocols,” reads the announcement from WNMU. “Which included isolating certain systems from the internet. Because of these protective protocols, access to certain WNMU systems and services, including the university’s website, were disrupted.”
According to University of New Mexico IT Information Security and Privacy Officer Jeff Gassaway, the UNM IT team wasn’t immediately aware of the WNMU hacking. Hackers often attack through phishing or infiltrating systems with critical or high-risk vulnerabilities, Gassaway wrote in a statement to the Daily Lobo.
In a phishing scam, a seemingly well-known source sends an email for confidential information that is then used to gain access to a system, according to the Federal Trade Commission.
91% of all cyberattacks begin with a phishing email, according to the UNM Information Security and Privacy Office.
“Attackers that gain access to an active user’s credentials, for example name, pass phrase, or Multi-Factor Authentication (MFA) information can access a system with the role of the person whose credentials they obtain. In addition to that, direct initial account access, attackers can phish other users using the compromised credentials, and/ or connect to other systems, further escalating any intrusion,” Gassaway wrote. “Clearly, this kind of attack is a risk that impacts any kind of institution.”
Vulnerable systems that are not patched or otherwise mitigated in a timely fashion are also a target, since attackers may be able to access those systems directly using a known exploit, bypassing system controls such as user names and passphrases, according to Gassaway.
UNM Libraries systems faced a cyberattack in July 2024, which resulted in no compromised student or employee data, but required that parts of the network associated with UNM Libraries were taken offline for two weeks.
Gaining access to one system can act as leverage to quickly attack other systems as well, according to Gassaway.
UNM does have safeguards in place to prevent cyberattacks on University systems, including usernames and passphrases, and MFA for administration and maintenance activities that can only be performed through a specially authorized account, according to Gassaway.
“We require at least annual security and privacy awareness training for all employees,” Gassaway wrote. “We also have internal phishing campaigns that help our community better recognize and report phishing emails. There are also role-based specific trainings for individuals who have access to sensitive data, systems, etc.”
Get content from The Daily Lobo delivered to your inbox
While he wrote it is best practice not to reveal all actual safeguards that are implemented, he added that firewalls and intrusion detection and prevention processes and tools are used, with staff to monitor and perform regular maintenance.
There are also administrative and management controls over higher-risk activities which undergo peer review before being authorized for implementation, according to Gassaway.
“UNM has a robust information security incident response plan and procedures in place for managing incidents that occur, so that we can quickly identify, contain, remediate and restore systems to service,” Gassaway wrote. “Appropriate communication is a key element of UNM’s incident response plan, and something we collaborate closely on with the relevant UNM departments.”
Maria Fernandez is a beat reporter and photographer for the Daily Lobo. She can be reached at news@dailylobo.com or on X @dailylobo
