Cyberattacks have seen a sharp surge in recent times. We've already witnessed
organizations working towards COVID-19 research being attacked by threat actors.
And now, multiple supercomputers across Europe have been infected with a
crypto-malware attack and shut down for further investigation. These security
attacks have been reported in the UK, Germany, and Switzerland.
According to a report [https://www.zdnet.com/article/supercomputers-hacked-across-europe-to-mine-cryptocurrency/] by ZDNet, hacking attacks on supercomputers took place after the organizations
had announced that they were prioritizing research on the COVID-19 outbreak. The
first report of the incident surfaced last week, when the University of
Edinburgh revealed that its ARCHER supercomputer had been exploited, which is
why it had to shut down the ARCHER system to investigate, and reset SSH
passwords to avoid further intrusions.
Similarly, the bwHPC in Germany also reported that five of its high-performance
computing clusters were attacked, because of which they had to be shut down.
Similar reports of security-related incidents also came from Spain and Germany.
The same report [https://www.zdnet.com/article/supercomputers-hacked-across-europe-to-mine-cryptocurrency/] notes that the organizations have not published details about the
security incident so far. But the Computer Security Incident Response Team (CSIRT) for
the European Grid Infrastructure (EGI) released malware samples and network
compromise indicators noted in some of these incidents.
These samples were further reviewed by Cado Security, a cyber-security firm,
which said hackers gained access to these computing clusters as a result of
"compromised SSH credentials".
These credentials were reportedly stolen from university members who had access
to the supercomputers to run computing jobs. These hacked SSH logins belonged to
different universities in Canada, China, and Poland. According to Chris Doman,
co-founder of Cado Security, the attackers had access to a supercomputing node, after
which they exploited the CVE-2019-15666 vulnerability to gain root access. These
hackers then deployed an application that mined the Monero (XMR) cryptocurrency.
The hacking attacks on supercomputers took place after they had announced a few
weeks before that they were prioritizing research on the COVID-19 outbreak.