Threat Intelligence Tarot
pentacles · 5
Criminal (suspected Russian-speaking)
G1017 ★★★★★
risk 3/5
✦ The Schoolyard ✦
Vice Society
DEV-0832
K-12 schools · Universities · School districts · Los Angeles USD · UK education sector
Active since ~2021 · Education sector ransomware, Data theft and extortion, Low-security target exploitation
It targets schools because schools have poor security, large datasets, and little budget for ransom. When Los Angeles Unified refused to pay, Vice Society published student therapy notes and mental health records. The Schoolyard does not care what it breaks to extract payment.
Tactics & Techniques
RCN · RDV · INI · EXC · PRS · PRV · EVA · CRD · DSC · LAT · COL · C2 · EXF · IMP
Notable Operations
- Los Angeles Unified School District attack - student mental health records leaked (2022)
- UK education sector systematic targeting
- Student PII including therapy notes published when ransom unpaid
- CISA advisory specifically warning education sector (2022)
Defenses
- Education sector incident response planning with state resources (CISA K-12 guidance)
- Student PII data minimization and access controls (FERPA compliance)
- Multi-factor authentication for school district staff accounts (CIS Control 6)
- Offline backup systems for student data and systems (CIS Control 11)
Reversed: Their Weakness
Vice Society's targeting of K-12 schools - organizations with political visibility and community sympathy - generated disproportionate government attention, resulting in a dedicated CISA advisory and coordinated law enforcement focus on a group that might otherwise have operated beneath the radar.
Data sourced from MITRE ATT&CK. For educational purposes.