18th May 2020, Kathmandu
Multiple supercomputers across Europe have been hacked in the past few days to mine cryptocurrency. The malware attacks led operators to shut down many of the supercomputers while they investigated the intrusions.
Reports of the attacks emerged in the UK, Germany, and Switzerland. There is also a rumor of a similar incident at a high-performance computing center in Spain.
The first attack was on Monday at the University of Edinburgh, which runs the ARCHER supercomputer. The supercomputer reportedly detected a “vulnerability in the input nodes.” The authorities had to reset their SSH passwords after the investigation to prevent the attack from recurring.
Likewise, five high-performance supercomputing clusters used at an organization called bwHPC (Germany) had to be shut down due to a similar security intrusion.
That’s not where it ends! Security researcher Felix von Leitner claimed in a blog post that a supercomputer in Barcelona, Spain, also faced a security issue. They had to shut it down as a result.
More security incidents surfaced on Thursday when the Leibniz Computer Center announced a malfunction. They had to disconnect a computer from the Internet.
On Saturday, German scientist Robert Helling published an analysis of the malware that infected a supercomputer at the Faculty of Physics at the Ludwig-Maximilians University in Munich, Germany.
Compromise of SSH Logins
The malware samples led Cado Security, a US-based cybersecurity firm, to conclude that attackers gained access to the supercomputers via compromised SSH credentials. The compromised SSH logins belonged to universities in Canada, China, and Poland.
Cado Security told ZDNet that they had no official evidence to confirm the involvement of the same group behind all the intrusions. According to an analysis by Chris Doman, Co-Founder of Cado Security, the attackers exploited a vulnerability to gain root access and then deployed an application that mined the Monero (XMR) cryptocurrency.
Unfortunately, these supercomputers were prioritizing research on the COVID-19 outbreak. This means that the security intrusions most likely hampered that research.