The Multiple Supercomputers hacked across Europe to mine Cryptocurrency

The Multiple Supercomputers hacked across Europe to mine Cryptocurrency

Last week many security incidents have been reported in the Switzerland, Germany, and UK. These security incidents are related to Cryptocurrency Mining Malware. Multiple supercomputers have been infected by cryptocurrency mining malware across Europe. This is not the first time that these types of security incidents happened, these happen every year and done by one of their employees working there. But this is the first time when hackers installed crypto-mining malware in these supercomputers. Now these supercomputers have shut down to investigate the intrusions. 

Supercomputers infected from Crypto-Mining Malware

Many supercomputers have come into the limelight which were infected by this malware. The first report of an attack came into a highlight on Monday from the University of Edinburgh, which runs the ARCHER supercomputer. The organization reported security exploitation on the ARCHER login nodes, shut down the ARCHER system to investigate and reset SSH passwords to prevent further intrusions. An Organization that coordinates research projects across supercomputers in the state of Baden-W├╝rttemberg, Germany, also announced on Monday that four of its high-performance computing clusters had to be shut down due to similar security incidents. This included:
  1. The Hawk supercomputer at the High-Performance Computing Center Stuttgart (HLRS) at the University of Stuttgart.
  2. At Karlsruhe Institute of Technology (KIT), there is bwUniCluster 2.0 and ForHLR II clusters.
  3. At Ulm University, There is bwForCluster JUSTUS chemistry and quantum science supercomputer.
  4. At the T├╝bingen University, There is bwForCluster BinAC bioinformatics supercomputer.
On Wednesday, Security researcher Felix von Leitner claimed in a blog post that a supercomputer housed in Barcelona, Spain, was also impacted by a security issue and had been shut down as a result. On Thursday, The Leibniz Computing Center (LRZ), an institute under the Bavarian Academy of Sciences, which said it was disconnected a computing cluster from the internet following a security breach.
The same incident happened on Friday, the Julich Research Center in the town of Julich, Germany, said that they had to shut down the JURECA, JUDAC, and JUWELS supercomputers following an IT security incident. On Saturday, The Swiss Center of Scientific Computations (CSCS) in Zurich, Switzerland also shut down external access to its supercomputer infrastructure following a cyber-incident and until having restored a safe environment. 

How these incidents happened

The Computer Security Incident Response Team (CSIRT) for the European Grid Infrastructure (EGI), a pan-European organization that coordinates research on supercomputers across Europe, has released malware samples and network compromise indicators from some of these incidents. The malware samples were reviewed earlier by Cado Security, a US-based cyber-security firm. The company said the attackers appear to have gained access to the supercomputer clusters via compromised SSH credentials. The login credentials appear to have been stolen from university members given access to the supercomputers to run computing jobs. The hijacked SSH logins belonged to universities in Canada, China, and Poland.

According to the analysis of Chris Doman, Co-Founder of Cado Security, Once attackers gained access to a supercomputing node, they appear to have used an exploit for the CVE-2019-15666 vulnerability to gain root access and then deployed a tool that mined the Monero (XMR) cryptocurrency. He also said in their statement that there is no official evidence to confirm that all the intrusions have been carried out by the same group, evidence like similar malware file names and network indicators suggests this might be the same attacker.

Does this article being helpful to you? Let us know your thoughts in the comments section and share it with us on Facebook, Twitter, or our LinkedIn Group.


Previous Post Next Post