Denial-of-Service attack on KTH's email system

Measures were taken immediately, both internally and in collaboration with staff at the Swedish university network Sunet. Traffic filtering was initiated, but as is always the case, this resulted in legitimate traffic also being restricted, leading to reduced availability – primarily outside KTH. During the attack, the infrastructure supporting the email system suffered from a shortage of resources that could not be resolved by restarting the system. This is an issue that has been raised globally with the supplier of the equipment in question.

In parallel with the attempt to restart the system, a migration to another system was initiated and completed on Sunday, with traffic to this system being gradually released from Sunday evening to Monday lunchtime. The email system itself has been operational throughout the entire period and has not been affected by the attack or other system issues. Email to and from KTH has been delivered as usual throughout the period, as the problem concerned only users’ access to the email system. In connection with adjustments to access filters, certain disruptions have been noted, which are being addressed on an ongoing basis.

As a public authority, KTH is obliged to report incidents of this nature to the Swedish Civil Defence and Resilience Agency, which has also been done.

Text: IT department