Penn State, a major developer of technology for the US Navy, said there was no evidence that research or personal data such as social security or credit card numbers had been stolen.
The source of the other attack is still being investigated.
Penn State was alerted about a breach by the Federal Bureau of Investigation in November, Penn State executive vice president Nicholas Jones said in a statement.
Mandiant, the forensic unit of FireEye, discovered the 2012 breach during the investigation.
Penn State's Applied Research Laboratory spends more than $100 million a year on research, with most of the funding coming from the U.S. Navy.
The university "fit the bill" as a high-value target, Daniel Ives, who covers cyber-security for FBR Capital Markets.
Penn State said investigators found that a number of college-issued usernames and passwords had been compromised but only a small number had been used to access its network.
The university said the College of Engineering's computer network has been disconnected from the Internet and attempts were being made to recover all systems.
The outage is expected to last for several days and mostly affect the engineering college, Penn State said.
It is normal to keep systems running while breaches were being investigated.
"Cyber-attacks like this - sophisticated, difficult to detect and often linked to international threat actors - are the new normal," said Nick Bennett, senior manager at Mandiant.
"No company or organisation is immune," he said.
© Thomson Reuters 2015