European supercomputers hacked and transformed into cryptocurrency miners

Last week, multiple supercomputers in the EU region were forced to shut down as part of a mining malware investigation.

Incidents were reported in Germany, Switzerland and the UK, and an intrusion is rumoured to have taken place in Spain.

The first reported attack took place at the University of Edinburgh.

The perpetrators allegedly breached the ARCHER login nodes by using an exploit.

The ARCHER system was taken down soon afterwards.

The administrators also applied an SSH password reset to prevent further intrusions.

The Germany-based bwHPC organisation also reported a similar incident in which five of its own supercomputers were involved.

These were housed at various locations, including the University of Stuttgart, Ulm University, the University of Tübingen and the Karlsruhe Institute of Technology.

According to Felix von Leitner, a cyber security researcher, a supercomputer in Barcelona might have suffered a similar fate.

An incident at the Leibniz Computing Centre resulted in a supercomputer being disconnected from the internet to mitigate the damage.

The JUDAC, JURECA and JUWELS supercomputers had to be shut down at the Jülich Research Centre, as did the Taurus supercomputer at the Technical University in Dresden.

The Swiss Centre of Scientific Computations took a similar course of action.

Although the above-mentioned organisations have not yet shared further details, European researchers from the Computer Security Incident Response Team have released samples of the malware that was used in these hacks.

Cado Security, US-based cyber security researchers, analysed the samples further and found that the perpetrators managed to gain access to these supercomputer clusters using compromised SSH credentials.

These credentials appear to have been stolen from university members who needed them to run computing jobs.

After gaining unauthorised access via the CVE-2019-15666 vulnerability, the perpetrators transformed the infected supercomputers into Monero cryptocurrency mining stations.

Many of these supercomputers were being used for COVID-19 research.

This is the first time that hackers have installed crypto-mining malware on a supercomputer.