Supercomputers hacked across Europe to mine cryptocurrency

meet-europes-new-supercomputer-marenostr-5d0229e6fe727300c4d980d6-1-jun-16-2019-14-08-02-poster.jpg

Multiple supercomputers across Europe have been infected this week with cryptocurrency mining malware and have shut down to investigate the intrusions.

Security incidents have been reported in the UK, Germany, and Switzerland, while a similar intrusion is rumored to have also happened at a high-performance computing center located in Spain.

The first report of an attack came to light on Monday from the University of Edinburgh, which runs the ARCHER supercomputer. The organization reported “security exploitation on the ARCHER login nodes,” shut down the ARCHER system to investigate, and reset SSH passwords to prevent further intrusions.

The bwHPC, the organization that coordinates research projects across supercomputers in the state of Baden-Württemberg, Germany, also announced on Monday that five of its high-performance computing clusters had to be shut down due to similar “security incidents.” This included:

  • The Hawk supercomputer at the High-Performance Computing Center Stuttgart (HLRS) at the University of Stuttgart
  • The bwUniCluster 2.0 and ForHLR II clusters at the Karlsruhe Institute of Technology (KIT)
  • The bwForCluster JUSTUS chemistry and quantum science supercomputer at the Ulm University
  • The bwForCluster BinAC bioinformatics supercomputer at the Tübingen University

Reports continued on Wednesday when security researcher Felix von Leitner claimed in a blog post that a supercomputer housed in Barcelona, Spain, was also impacted by a security issue and had been shut down as a result.

More incidents surfaced the next day, on Thursday. The first one came from the Leibniz Computing Center (LRZ), an institute under the Bavarian Academy of Sciences, which said it was disconnected a computing cluster from the internet following a security breach.

The LRZ announcement was followed later in the day by another from the Julich Research Center in the town of Julich, Germany. Officials said they had to shut down the JURECA, JUDAC, and JUWELS supercomputers following an “IT security incident.”

New breaches also came to light today, on Saturday. German scientist Robert Helling published an analysis on the malware that infected a high-performance computing cluster at the Faculty of Physics at the Ludwig-Maximilians University in Munich, Germany.

The Swiss Center of Scientific Computations (CSCS) in Zurich, Switzerland also shut down external access to its supercomputer infrastructure following a “cyber-incident” and “until having restored a safe environment.”

Attackers gained  access via compromise SSH logins

None of the organizations above published any details about the intrusions. However, earlier today, the Computer Security Incident Response Team (CSIRT) for the European Grid Infrastructure (EGI), a pan-European organization that coordinates research on supercomputers across Europe, has released malware samples and network compromise indicators from some of these incidents.

The malware samples were reviewed earlier today by Cado Security, a US-based cyber-security firm. The company said the attackers appear to have gained access to the supercomputer clusters via compromised SSH credentials.

The credentials appear to have been stolen from university members given access to the supercomputers to run computing jobs. The hijacked SSH logins belonged to universities in Canada, China, and Poland.

Chris Doman, Co-Founder of Cado Security, told ZDNet today that while there is no official evidence to confirm that all the intrusions have been carried out by the same group, evidence like similar malware file names and network indicators suggests this might be the same threat actor.

According to Doman’s analysis, once attackers gained access to a supercomputing node, they appear to have used an exploit for the CVE-2019-15666 vulnerability to gain root access and then deployed an application that mined the Monero (XMR) cryptocurrency.

Making matters worse, many of the organizations that had supercomputers go down this week had announced in previous weeks that they were prioritizing research on the COVID-19 outbreak, which has now most likely been hampered as a result of the intrusion and subsequent downtime.

Not the first incident of its kind

These incidents aren’t the first time that crypto-mining malware has been installed on a supercomputer. However, this marks the first time when hackers did this. In previous incidents, it was usually an employee who installed the cryptocurrency miner, for their own personal gain.

For example, in February 2018, Russian authorities arrested engineers from the Russian Nuclear Center for using the agency’s supercomputer to mine cryptocurrency.

A month later, Australian officials began an investigation into a similar case at the Bureau of Meteorology, where employees used the agency’s supercomputer to mine cryptocurrency.

About the author

E-Crypto News was developed to assist all cryptocurrency investors in developing profitable cryptocurrency portfolios through the provision of timely and much-needed information. Investments in cryptocurrency require a level of detail, sensitivity, and accuracy that isn’t required in any other market and as such, we’ve developed our databases to help fill in information gaps.

Related Posts

E-Crypto News Executive Interviews



bitcoin
Bitcoin (BTC) $ 65,834.00
ethereum
Ethereum (ETH) $ 4,315.82
binance-coin
Binance Coin (BNB) $ 493.88
cardano
Cardano (ADA) $ 2.29
tether
Tether (USDT) $ 1.00
solana
Solana (SOL) $ 192.64
xrp
XRP (XRP) $ 1.16
polkadot
Polkadot (DOT) $ 44.61
dogecoin
Dogecoin (DOGE) $ 0.256396
usd-coin
USD Coin (USDC) $ 1.00
USD
EUR
GBP
bitcoinBitcoin (BTC)
$ 65,834.00
ethereumEthereum (ETH)
$ 4,315.82
tetherTether (USDT)
$ 1.00
bitcoin-cashBitcoin Cash (BCH)
$ 650.79
litecoinLitecoin (LTC)
$ 209.73
bitcoinBitcoin (BTC)
56.503,68
ethereumEthereum (ETH)
3.704,16
tetherTether (USDT)
0,858275
bitcoin-cashBitcoin Cash (BCH)
558,56
litecoinLitecoin (LTC)
180,01
bitcoinBitcoin (BTC)
47,774.09
ethereumEthereum (ETH)
3,131.88
tetherTether (USDT)
0.725675
bitcoin-cashBitcoin Cash (BCH)
472.26
litecoinLitecoin (LTC)
152.20

Automated trading with HaasBot Crypto Trading Bots

Crypto Scams

Behind The Scenes: How this Crypto Community Responded to + $50m Hack
October 18, 2021
Crypto Scams
Crypto Scams Still Persistent In 2021, SEC Warns About Red Flags To Watch
September 9, 2021
Poly Network
Here’s How Hackers Stole Over $600 million in the Poly Network Attack
August 12, 2021
The World’s Most Infamous Crypto Hacks and Scams
July 31, 2021
Cryptocurrency Exchanges
Cryptocurrency Exchanges and the Plague of Scams and Bans
June 29, 2021

Blockchain/Cryptocurrency Questions and Answers

ICo Presale
The Science Behind ICO Presales…
October 14, 2021
Beginner’s Guide to Investing in Cryptocurrency
August 9, 2021
Short-Sell Cryptocurrency
How to Short-Sell Cryptocurrency: A Brief Overview
July 17, 2021
Klaytn
What Is Klaytn (KLAY) And How Does It Work?
July 16, 2021
Cryptocurrencies
Our Crypto Roundup Interview Asks- Do Cryptocurrencies Have a Future?
July 15, 2021


CryptoCurrencyUSDChange 1hChange 24hChange 7d
Bitcoin65,936 0.54 % 3.29 % 14.70 %
Ethereum4,339.9 1.18 % 12.33 % 20.36 %
Binance Coin494.55 0.10 % 1.89 % 5.32 %
Cardano2.290 0.46 % 7.33 % 4.76 %
Tether0.9986 0.03 % 0.08 % 0.23 %
Solana192.25 1.12 % 21.21 % 29.55 %
XRP1.160 0.13 % 4.46 % 2.59 %
Polkadot30.87 2.19 % 17.29 % 10.73 %
Dogecoin0.2569 0.61 % 5.36 % 10.36 %
USD Coin1.000 0.14 % 0.20 % 0.17 %

bitcoin
Bitcoin (BTC) $ 65,834.00
ethereum
Ethereum (ETH) $ 4,315.82
binance-coin
Binance Coin (BNB) $ 493.88
cardano
Cardano (ADA) $ 2.29
tether
Tether (USDT) $ 1.00
solana
Solana (SOL) $ 192.64
xrp
XRP (XRP) $ 1.16
polkadot
Polkadot (DOT) $ 44.61
dogecoin
Dogecoin (DOGE) $ 0.256396
usd-coin
USD Coin (USDC) $ 1.00