Supercomputers have been infected with a cryptocurrency-mining virus
Hackers attacked supercomputers in several countries around the world
Scammers used computing power to mine Monero
Hackers stole access keys from university employees
Several supercomputers across Europe were infected with an unknown virus that used the machines' computing power to mine cryptocurrency. Systems were hacked almost simultaneously in Germany, Great Britain, Switzerland and Spain. Access to the supercomputers is now closed, and experts are working out how the hackers managed to infect the systems.
More than 10 supercomputers fell victim to hackers
The first report of a supercomputer being hacked came on Monday from staff at the University of Edinburgh. They reported “using security on ARCHER login nodes.” Due to the incident, it was decided to shut the system down.
Later, reports of unauthorized access to supercomputer systems came from the German state of Baden-Württemberg. There, because of the intrusion, five clusters had to be shut down at once, including:
- The Hawk supercomputer at the High-Performance Computing Center Stuttgart (RIM) at the University of Stuttgart
- The bwUniCluster 2.0 and ForHLR II clusters at the Karlsruhe Institute of Technology (KIT)
- The bwForCluster JUSTUS supercomputer for chemistry and quantum science at the University of Ulm
- The bwForCluster BinAC bioinformatics supercomputer at the University of Tübingen
The hackers did not stop there. Security researcher Felix von Leitner said on Wednesday that a security problem was also found in a supercomputer located in Barcelona, Spain.
In the next few days, reports of security breaches on supercomputers also came from the Bavarian Academy of Sciences, Ludwig-Maximilian University in Munich, Germany, and the Swiss Center for Scientific Computing (CSCS) in Zurich, Switzerland. In total, more than 10 supercomputers were shut down pending clarification of the circumstances of the security breach.
Hackers used SSH logins
So far, none of the affected institutions has made a public statement about how exactly the attackers managed to infect the computers. However, the Computer Security Incident Response Team (CSIRT) for the European Grid Infrastructure (EGI), which coordinates supercomputer research across Europe, has released malware samples and network indicators of compromise for some of these incidents. After a detailed study, experts concluded that the hackers most likely compromised SSH credentials.
The credentials were likely stolen from university members who had been granted access to the supercomputers to run computing tasks. The hijacked SSH logins belonged to universities in Canada, China and Poland.
Chris Doman, co-founder of Cado Security, stated that while there is no official evidence to prove that all the intrusions were carried out by the same group, evidence such as similar malware file names and network indicators suggests that it may be a single group.
“According to the analysis, the attackers gained access to the supercomputer node and then used an exploit for the CVE-2019-15666 vulnerability to gain root access, and then deployed an application that mined Monero (XMR) cryptocurrency,” the statement said.
Worse still, many of the organizations whose supercomputers went out of service this week had announced that they were prioritizing research into the COVID-19 outbreak, which is now most likely hampered by the intrusion and the subsequent downtime.