European Supercomputers attacked by hackers to mine Cryptocurrency

Cyberattacks have seen a sharp surge in recent times. We’ve already witnessed organizations working towards COVID-19 research being attacked by threat actors. And now, multiple supercomputers across Europe have been infected with a crypto-malware attack and shut down for further investigation. These security attacks have been reported in the UK, Germany, and Switzerland.

As reported by ZDNet, hacking attacks on supercomputers took place after the organizations had announced that they were prioritizing research on the COVID-19 outbreak. The first report of the incident surfaced last week, when the University of Edinburgh revealed that its ARCHER supercomputer has been exploited, which is why it had to shut down the ARCHER system to investigate and reset SSH passwords to avoid further intrusions.

Similarly, the bwHPC in Germany, also reported that five of its high-performance computing clusters were attacked because of which they had to be shut down. Similar reports of security-related incidents also came from Spain and Germany.

The report states that there aren’t details published by the organizations so far about the security incident. But, the Computer Security Incident Response Team (CSIRT) for the European Grid Infrastructure (EGI), released malware samples and network compromise indicators noted in some of these incidents.

These samples were further reviewed by Cado Security, a cyber-security firm, that said hackers gained access to these computing clusters as a result of “compromised SSH credentials”.

These credentials were reportedly stolen from university members that had access to the supercomputers to run computing jobs. These hacked SSH logins belonged to different universities in Canada, China, and Poland. As per Chris Doman, co-founder, Cado Security, attackers had access to a supercomputing node, after which they exploited the CVE-2019-15666 vulnerability to gain root access. These hackers then deployed an application that mined the Monero (XMR) cryptocurrency.

The hacking attacks on supercomputers took place after they had announced a few weeks before that they were prioritizing research on the COVID-19 outbreak.

No comments