The attacks, which apparently compromised servers as recently as April 3, are currently be investigated, according to an advisory posted April 6 by the Information Technology Systems and Services group at Stanford.
"Stanford, along with a large number of research institutions and high-performance computing centers, has become a target for some sophisticated Linux and Solaris attacks," the ITSS said in its Web advisory. "The attacker appears to be deliberately targeting machines in academic and high-performance computing environments, rather than attacking systems indiscriminately."
Members of Stanford's security team declined to comment, and the university's chief information security officer could not immediately be reached.
It is unclear when the attacks first occurred, an example of a compromised computer included in the advisory occurred April 3. The unknown attackers use common password-cracking tools to gain access to any account on a server and then gain further access by using security flaws in the software.
"The perpetrators regularly gain access to an unprivileged local user account, presumably by sniffing passwords, cracking passwords from other compromised systems, or by triggering vulnerabilities in remotely accessible services," the Stanford advisory states.
Such local vulnerabilities, as they are called, have led to several compromises on the servers used to host Linux development and distribution in recent months.
