Hackers have attacked multiple supercomputers across Europe this week with the intention of mining cryptocurrency. Clusters of supercomputers have been forced to shut down in order to investigate the intrusions, according to a ZDNet news report on May 16.
These security incidents were reported in the UK, Germany, and Switzerland. Additionally, another possible attack occurred in a high-performance computer center in Spain, according to the report.
College campuses are the main victims
Most of the attacks appear to have targeted universities. University of Edinburgh,which runs the ARCHER supercomputer, reported the first incident on Monday.
Then, major universities’ high-performance computing clusters in the state of Baden-Württemberg, Germany also announced that they were attacked on Monday with similar security incidents, and had to be shut down.
More attacks happened in institutions in other parts of Germany, Spain, and Switzerland later in the week. Clusters in the Leibniz Computing Center, or LRZ, an institute under the Bavarian Academy of Sciences, the Julich Research Center in the town of Julich, Germany, the Faculty of Physics at the Ludwig-Maximilians University in Munich, Germany, and the Swiss Center of Scientific Computations, or CSCS, in Zurich, Switzerland were all counted amongst the victims.
SSH logins are compromised and the goal is to mine crypto
The malware samples released by the Computer Security Incident Response Team were reviewed by a US-based cyber-security firm, says the news. The Computer Security Incident Response Team, or CSIRT, is a pan-European organization that coordinates research on supercomputers across Europe.
The cyber-security company said the attackers appear to have stolen university members’ SSH credentials in Canada, China, and Poland in order to gain access to the supercomputer clusters. Secure Shell, or SSH, is a cryptographic network protocol for operating network services securely over an unsecured network.
Chris Doman, Co-Founder of Cado Security explained that:
“Once attackers gained access to a supercomputing node, they appear to have used an exploit for the CVE-2019-15666 vulnerability to gain root access and then deployed an application that mined the Monero (XMR) cryptocurrency.”
As Cointelegraph reported previously, university campuses were ranked the second biggest miners of digital currency across industry.