28 May 2020
Over the last week, several supercomputers in Europe have been infected by an unknown group with cryptocurrency mining malware.
Supercomputers in Germany, the UK, Switzerland, and Spain were targeted by hackers for cryptocurrency mining, and the affected systems were taken offline as a result. The very first system targeted in this attack was "Archer," a supercomputer at the University of Edinburgh. It was being used to conduct analysis for coronavirus research, but the system is now offline.
The hackers were able to gain access to the supercomputers by stealing login credentials from universities in China and Poland. Cado Security states that it's common for users at different high-performance computing facilities to have logins for other institutions, which makes it easy for hackers to gain control. In this incident, the hackers connected to the supercomputers using a compromised SSH account. They then exploited a vulnerability in the Linux kernel to gain root access and install Monero crypto mining software. To avoid getting caught, the crypto mining software was scheduled to run at night.
The supercomputers that were hit by the crypto-mining malware were conducting research into the ongoing coronavirus pandemic. The Swiss Center of Scientific Computations in Zurich gave orders to shut down the systems until the security issues were fixed. The motive behind this hack was to make some money by installing crypto mining software, or it could have been to disrupt the ongoing research into the pandemic.