Multiple supercomputers across Europe have been infected this week with cryptocurrency mining malware and have shut down to investigate the intrusions.
Security incidents have been reported in the UK, Germany, and Switzerland, while a similar intrusion is rumored to have also happened at a high-performance computing center located in Spain.
The first report of an attack came to light on Monday from the University of Edinburgh, which runs the ARCHER supercomputer. The organization reported "security exploitation on the ARCHER login nodes," shut down the ARCHER system to investigate, and reset SSH passwords to prevent further intrusions.
The bwHPC, the organization that coordinates research projects across supercomputers in the state of Baden-Wrttemberg, Germany, also announced on Monday that five of its high-performance computing clusters had to be shut down due to similar "security incidents." This included:
Reports continued on Wednesday when security researcher Felix von Leitner claimed in a blog post that a supercomputer housed in Barcelona, Spain, was also impacted by a security issue and had been shut down as a result.
More incidents surfaced the next day, on Thursday. The first one came from the Leibniz Computing Center (LRZ), an institute under the Bavarian Academy of Sciences, which said it was disconnected a computing cluster from the internet following a security breach.
The LRZ announcement was followed later in the day by another from the Julich Research Center in the town of Julich, Germany. Officials said they had to shut down the JURECA, JUDAC, and JUWELS supercomputers following an "IT security incident." And so has the Technical University in Dresden, which announced they had to shut down their Taurus supercomputer as well.
New incidents also came to light today, on Saturday. German scientist Robert Helling published an analysis on the malware that infected a high-performance computing cluster at the Faculty of Physics at the Ludwig-Maximilians University in Munich, Germany.
The Swiss Center of Scientific Computations (CSCS) in Zurich, Switzerland also shut down external access to its supercomputer infrastructure following a "cyber-incident" and "until having restored a safe environment."
None of the organizations above published any details about the intrusions. However, earlier today, the Computer Security Incident Response Team (CSIRT) for the European Grid Infrastructure (EGI), a pan-European organization that coordinates research on supercomputers across Europe, has released malware samples and network compromise indicators from some of these incidents.
The malware samples were reviewed earlier today by Cado Security, a UK-based cyber-security firm. The company said the attackers appear to have gained access to the supercomputer clusters via compromised SSH credentials.
The credentials appear to have been stolen from university members given access to the supercomputers to run computing jobs. The hijacked SSH logins belonged to universities in Canada, China, and Poland.
Chris Doman, Co-Founder of Cado Security, told ZDNet today that while there is no official evidence to confirm that all the intrusions have been carried out by the same group, evidence like similar malware file names and network indicators suggests this might be the same threat actor.
According to Doman's analysis, once attackers gained access to a supercomputing node, they appear to have used an exploit for the CVE-2019-15666 vulnerability to gain root access and then deployed an application that mined the Monero (XMR) cryptocurrency.
Making matters worse, many of the organizations that had supercomputers go down this week had announced in previous weeks that they were prioritizing research on the COVID-19 outbreak, which has now most likely been hampered as a result of the intrusion and subsequent downtime.
These incidents aren't the first time that crypto-mining malware has been installed on a supercomputer. However, this marks the first time when hackers did this. In previous incidents, it was usually an employee who installed the cryptocurrency miner, for their own personal gain.
For example, in February 2018, Russian authorities arrested engineers from the Russian Nuclear Center for using the agency's supercomputer to mine cryptocurrency.
A month later, Australian officials began an investigation into a similar case at the Bureau of Meteorology, where employees used the agency's supercomputer to mine cryptocurrency.
More here:
Supercomputers hacked across Europe to mine cryptocurrency - ZDNet
- New Microsoft Ads Take Aim at Mac Pricing - November 8th, 2009 [November 8th, 2009]
- Adobe Flash Comes to TV - November 8th, 2009 [November 8th, 2009]
- Microsoft Introduces Windows 7 Starter Edition - November 8th, 2009 [November 8th, 2009]
- Mac Viruses and Trojans Becoming More Prevalent - November 8th, 2009 [November 8th, 2009]
- Apple ‘Customer Experience’ Continues to Trounce PCs - November 8th, 2009 [November 8th, 2009]
- Seagate Introduces ‘Replica’ Drive to Backup Entire PC - November 8th, 2009 [November 8th, 2009]
- Still Love XP? Run it on Windows 7! - November 8th, 2009 [November 8th, 2009]
- Is Microsoft Ditching Vista? - November 8th, 2009 [November 8th, 2009]
- The Kindle DX: Not Exactly a Textbook Killer - November 8th, 2009 [November 8th, 2009]
- The Smart Shopper’s Guide to Buying a Wireless Router - May 19th, 2010 [May 19th, 2010]
- iTunes 10: So Long, Ringtone Creator - Thanks for the Memories - October 17th, 2010 [October 17th, 2010]
- iTunes 10: So Long, Ringtone Creator – Thanks for the Memories - February 14th, 2011 [February 14th, 2011]
- How to Make Your Laptop Last Longer - February 14th, 2011 [February 14th, 2011]
- Client Build 5 UPDATE: Personal Super Computer 2011 (SR-2 X5690 OCZ Vertex 3 GTX590 Nvidia Tesla) - Video - March 29th, 2012 [March 29th, 2012]
- Super Micro Computer, Inc. Announces 3rd Quarter 2012 Financial Results - April 25th, 2012 [April 25th, 2012]
- Super Micro Computer Q3 Profit Slips - Quick Facts - April 25th, 2012 [April 25th, 2012]
- Super Computer Maker Cray and Intel strike Partnership - April 25th, 2012 [April 25th, 2012]
- Super Micro Computer Q3 12 Earnings Conference Call At 5:00 PM ET - April 25th, 2012 [April 25th, 2012]
- Herd mentallity and the information super highway - Video - April 25th, 2012 [April 25th, 2012]
- Brain vs. Computer - Video - May 4th, 2012 [May 4th, 2012]
- Minecraft World First - Most wanted redstone device - Video - May 4th, 2012 [May 4th, 2012]
- PS3 Jailbreak Tutorial 4.11 WORKING - Video - May 4th, 2012 [May 4th, 2012]
- China's Tianhe-1 supercomputer begins operations - Video - May 4th, 2012 [May 4th, 2012]
- June 2011 TOP500 Review looks at Japan's K Supercomputer - Video - May 4th, 2012 [May 4th, 2012]
- Super Vision for Soldiers - May 5th, 2012 [May 5th, 2012]
- The Super Sonic Show Episode 0-Computer Help - Video - May 7th, 2012 [May 7th, 2012]
- Why Super Micro Computer's Earnings May Be Less Than Awesome - May 10th, 2012 [May 10th, 2012]
- Magnetic bacteria may help build computer hard drives - May 10th, 2012 [May 10th, 2012]
- SUPER WHY! Around the World Adventure Kicks off PBS KIDS Summer Learning Initiative This June - May 10th, 2012 [May 10th, 2012]
- Tutorial SUPER COMPUTER girl 3750 sylvia Vs fem game 4 (3550) - Video - May 10th, 2012 [May 10th, 2012]
- SUPER COMPUTER Wii best 3750 sylvia Vs learn chess 4 (3550) - Video - May 10th, 2012 [May 10th, 2012]
- SUPER COMPUTER girls city 3750 sylvia Vs RYBKA 4 (3550) - Video - May 10th, 2012 [May 10th, 2012]
- John Laban - Open University Super Computer Room - Video - May 10th, 2012 [May 10th, 2012]
- Can A Super Computer Save Banking? Part 2 of 2 - Video - May 10th, 2012 [May 10th, 2012]
- Supermicro® Launches Widest Range of UP Server Platforms Supporting Intel® Xeon® E3-1200 v2 - May 16th, 2012 [May 16th, 2012]
- Supermicro® Debuts New X9 DP and 4-Way MP Platforms - May 16th, 2012 [May 16th, 2012]
- Supermicro® Launches Widest Range of Server Platforms Supporting Intel® Xeon® E3-1200 v2 - May 16th, 2012 [May 16th, 2012]
- Invention kit for banana pianos, alphabet soup keyboards - May 16th, 2012 [May 16th, 2012]
- A few errors could be key to super-efficient computer chips - May 20th, 2012 [May 20th, 2012]
- Supermicro® Highlights Latest GPU SuperServer®, SuperBlade® and ... - May 20th, 2012 [May 20th, 2012]
- Kontron HPEC Platform Chosen by Military Embedded Systems Magazine for Editor's Choice Award - May 20th, 2012 [May 20th, 2012]
- Raspberry Pi to rebirth an era of Woz-like super creativity? - May 20th, 2012 [May 20th, 2012]
- Taste and tale of success - May 20th, 2012 [May 20th, 2012]
- 1 Reason to Expect Big Things From Super Micro Computer - May 25th, 2012 [May 25th, 2012]
- Bump's Super Popular App Just Got A Million Times Cooler With Its Latest Update - May 25th, 2012 [May 25th, 2012]
- Is The Computer 'Cloud' Compromising You Privacy? - May 26th, 2012 [May 26th, 2012]
- Super MP3 Download 4.8.2.6 - May 28th, 2012 [May 28th, 2012]
- Radiohead's Kid A and OK Computer, Now in 8-Bit - May 29th, 2012 [May 29th, 2012]
- ASUS P6T7 WS Super Computer MoBo - Video - May 29th, 2012 [May 29th, 2012]
- Photonic Super Computer 2012 - Video - May 29th, 2012 [May 29th, 2012]
- Kaspersky discovers super-complex Flame malware - May 30th, 2012 [May 30th, 2012]
- Supermicro® X9 5x GPU SuperWorkstation Delivers Maximum Performance with NVIDIA Maximus Certification - May 30th, 2012 [May 30th, 2012]
- Super-virus Flame raises the cyberwar stakes - May 30th, 2012 [May 30th, 2012]
- Super-stealthy ‘Flame' computer virus spies on Iran - May 31st, 2012 [May 31st, 2012]
- Super-stealthy ‘Flame' computer virus spies on Iranians - May 31st, 2012 [May 31st, 2012]
- Was flame virus written by gamers? Code similar to apps such as Angry Birds - May 31st, 2012 [May 31st, 2012]
- Massive cyber attack on Iran came from U.S., report says - June 2nd, 2012 [June 2nd, 2012]
- Massive cyber attack on Iran came from US, report says - June 2nd, 2012 [June 2nd, 2012]
- Supermicro® Exhibits its Latest X9 Server and Storage Innovations at Computex, Taiwan - June 5th, 2012 [June 5th, 2012]
- Supermicro® Hadoop Solutions Accelerate Innovation with Launch of EMC® ... - June 5th, 2012 [June 5th, 2012]
- Super 57000 Video Game (Family Computer) - Video - June 5th, 2012 [June 5th, 2012]
- Security Cameras Turn into Super-Fast Sleuths - June 7th, 2012 [June 7th, 2012]
- Quantum computers move closer to reality, thanks to highly enriched and highly purified silicon - June 7th, 2012 [June 7th, 2012]
- Research Makes Ultrafast Quantum Computer Concept a Reality - June 9th, 2012 [June 9th, 2012]
- Supermicro's New Compact Embedded Server Appliance Supports 3rd Generation Intel® Core™ i7/i5/i3 Processors - June 11th, 2012 [June 11th, 2012]
- The PC which is truly personal: 'Computer' on a memory stick offers COMPLETE privacy for browsing and documents - June 11th, 2012 [June 11th, 2012]
- 'Purified' silicon nudges quantum computing ahead - June 11th, 2012 [June 11th, 2012]
- Apple serves up 15.4-inch MacBook Pro with Retina Display - June 11th, 2012 [June 11th, 2012]
- Apple debuts next-gen MacBook Pro, iOS 6 - June 11th, 2012 [June 11th, 2012]
- How to Invest Like the Super-Rich - June 13th, 2012 [June 13th, 2012]
- Super Computer for Sale - Video - June 13th, 2012 [June 13th, 2012]
- Supermicro® Launches FatTwin™ Architecture - June 15th, 2012 [June 15th, 2012]
- Computer Workstation utilizes NVIDIA® Maximus(TM) technology. - June 15th, 2012 [June 15th, 2012]
- Supermicro® Launches FatTwinâ„¢ Architecture - June 15th, 2012 [June 15th, 2012]
- Acer: Aspire S5, super-thin Ultrabook, coming to U.S. in late June - June 15th, 2012 [June 15th, 2012]
- Supermicro(R) Launches FatTwin(TM) Architecture - June 15th, 2012 [June 15th, 2012]
- Sheldon Adelson: 7 surprising facts about 2012's biggest donor - June 15th, 2012 [June 15th, 2012]
- lego super computer - Video - June 17th, 2012 [June 17th, 2012]
- Age of Empires: The Conqurors - vsing Duke AI 1.6 - Super computer - Video - June 17th, 2012 [June 17th, 2012]
- Supermicro® FatTwin™ Takes Center Stage at International Supercomputing Conference 2012 - June 18th, 2012 [June 18th, 2012]