• Skip to main content
  • Skip to header right navigation
  • Skip to site footer
iGuRu

iGuRu

Real-time Technology News. Opinions & Tweaks

  • / news
  • / infosec
  • / tools
  • / tweaks
  • / dummies
  • / opinions
  • / support
  • / yourpost
home / News / Supercomputers hacked all over Europe for Monero mining

Supercomputers hacked all over Europe for Monero mining

17/05/2020 13:15 by giorgos

Many Supercomputers across Europe became infected this week with malicious cryptocurrency mining software and stopped working to investigate the intrusions.

Incidents have been reported in the United Kingdom, Germany and Switzerland, and a similar raid is rumored to have taken place at a high-performance computer center in Spain.

csm Hawk 1 fb56b799b2 - Supercomputers hacked all over Europe for Monero mining
Hawk High-Performance Computing Center Stuttgart (HLRS)

Η first report of the attack appeared on Monday from the University of Edinburgh, which manages the ARCHER supercomputer. The University reported a "security operation at the ARCHER connection nodes", and shut down the ARCHER system to further investigate the attack. Change passwords via SSH to prevent further intrusions.

  • Eni HPC5 the most powerful computer system in the world

BwHPC is an organization that coordinates supercomputer research projects in Baden-Württemberg, Germany, and he said also on Monday that five of the high-performance computer clusters had to be shut down due to similar "security incidents":

The Hawk supercomputer at the Stuttgart High-Performance Computing Center (HLRS) at the University of Stuttgart
BwUniCluster 2.0 and ForHLR II clusters at the Karlsruhe Institute of Technology (KIT)
The bwForCluster for quantum science research at the University of Ulm
The bwForCluster BinAC bioinformatics supercomputer at the University of Tübingen

Reports continued Wednesday when security investigator Felix von Leitner claimed in a Publication that a supercomputer housed in Barcelona, ​​Spain, was also affected by a similar security issue and had to be shut down.

More incidents occurred the next day, Thursday. The first came from the Leibniz Computing Center (LRZ), an institute of the Bavarian Academy of Sciences, which said it disconnected a computer complex from the Internet following a security breach.

LRZ's announcement was followed later that day by another research center. The Julich Center in the German city of Julich said the JURECA, JUDAC and JUWELS supercomputers had to be shut down following a "security incident".

New violations appeared and today Saturday. The German scientist Robert Helling he published an analysis of malware infecting a high-performance computer complex at the School of Physics at Ludwig-Maximilians University in Munich, Germany.

The Swiss Center for Scientific Computations (CSCS) in Zurich, Switzerland closed also external access to its supercomputer infrastructure after a "cyber-incident" and "until it restores a secure environment".

None of the above posted details of the invasions. Earlier today, however, the Computer Security Incident Response Team (CSIRT) for the European Grid Infrastructure (EGI), a pan-European organization that coordinates supercomputer research across Europe, launched samples of malware from some of these incidents.

The malware samples were tested today by Cado Security, a US-based cyber security company. The company said the attackers appeared to have gained access to the supercomputers' clusters through compromised SSH credentials.

Credentials appear to have been stolen by university members who have access to supercomputers. The incoming SSH connections came from universities in Canada, China and Poland.

Chris Doman, co-founder of Cado Security, told ZDNet today that while there is no official evidence to suggest that all of these intrusions were carried out by the same team, the identical names of the malware files suggest that this is very likely. .

According to Doman analysis, once intruders gain access to a supercomputer node, they use an exploit for vulnerability CVE-2019-15666 which helps them gain root access. Then they installed an application for mining Monero (XMR).

It should be noted that many of the supercomputers that have stopped operating have given priority to COVID-19 research, which of course has now stopped as a result of the invasion.

Supercomputers hacked all over Europe for Monero mining was last modified: 17 May, 2020, 1: 15 mm by giorgos

spread the news

  • Facebook
  • Twitter
  • Reddit
  • Printing
  • Email

Read them Technology News from all over the world, with the validity of iGuRu.gr

Follow us on Google News


Competition: Newstag: supercomputers

You May Also Like

Why Are Supercomputers Running On Linux?
Tails Project: Tails 4.15 anonymity on the internet
LibreOffice 7.1.0 prerelease has just been released

About Us giorgos

George still wonders what he's doing here ...

Previous Post: « Windows 10 20H2 will be a Service Pack Windows 10 20H2 will be a Service Pack
Next Post: Ultra Adware Killer 7.9.1.0 Free for everyone Ultra Adware Killer »

Reader Interactions

Comment Policy:

IGuRu.gr does not publish the comments immediately. Malicious comments, comments that include ads, or comments that are offensive are deleted without notice. We do not adopt the opinions expressed by our readers.
Your comments will be displayed after approval by the administrators


Leave your comment
Ακύρωση απάντησης

Your email address is not published. Τα υποχρεωτικά πεδία σημειώνονται με *

 

 © 2021 · iGuRu.gr · ☢ · Keep It Simple Stupid Genesis theme

about  ·   get in touch  ·  rss  ·  sitemap  ·  cough

loading Cancel
Could not post post - check your email address!
Email verification failed, please try again
Your blog can not post posts via email.