Hackers attacked multiple supercomputers across Europe last week to mine cryptocurrency, forcing clusters of supercomputers to shut down so that the intrusions could be investigated.
According to a ZDNet news report on May 16, these security incidents were reported in the UK, Germany, and Switzerland. Another possible attack occurred at a high-performance computing center in Spain.
However, most of the attacks appear to have targeted universities.
As per the report, the University of Edinburgh, which runs the ARCHER supercomputer, reported the first incident on Monday (May 11).
Also on Monday, similar security incidents were announced at the high-performance computing clusters of major universities in the state of Baden-Württemberg, Germany, which had to be shut down.
Likewise, more attacks happened in institutions in other parts of Germany, Spain, and Switzerland later in the week. The other victims included:
- Clusters in the Leibniz Computing Center (LRZ), an institute under the Bavarian Academy of Sciences
- The Jülich Research Center in the town of Jülich, Germany
- The Faculty of Physics at the Ludwig-Maximilians University in Munich, Germany
- The Swiss Center of Scientific Computations (CSCS) in Zurich, Switzerland
The report said that malware samples released by the Computer Security Incident Response Team (CSIRT), a pan-European organization that coordinates research on supercomputers across Europe, were reviewed by a US-based cyber-security firm.
The cyber-security company said that the attackers appear to have gained access to the supercomputer clusters using SSH credentials stolen from university members in Canada, China, and Poland.
Secure Shell (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network.
Chris Doman, Co-Founder of Cado Security, said:
“Once attackers gained access to a supercomputing node, they appear to have used an exploit for the CVE-2019-15666 vulnerability to gain root access and then deployed an application that mined the Monero (XMR) cryptocurrency.”