Πολλά Supercomputers σε όλη την Ευρώπη μολύνθηκαν αυτήν την εβδteam with malicious software cryptocurrency mining and stopped operating to investigate the intrusions.
Έχουν αναφερθεί περιστατικά στο United Kingdom, τη Γερμανία και την Ελβετία, ενώ φημολογείται ότι μια παρόμοια εισβολή έγινε και σε ένα centre of high performance computers located in Spain.
Η first report of the attack appeared on Monday from the University of Edinburgh, which manages the ARCHER supercomputer. The University reported a "security operation at the ARCHER connection nodes", and shut down the ARCHER system to further investigate the attack. Change passwords via SSH to prevent further intrusions.
BwHPC is an organization that coordinates supercomputer research projects in Baden-Württemberg, Germany, and he said also on Monday that five of the high-performance computer clusters had to be shut down due to similar "security incidents":
The Hawk supercomputer at the Stuttgart High-Performance Computing Center (HLRS) at the University of Stuttgart
BwUniCluster 2.0 and ForHLR II clusters at the Karlsruhe Institute of Technology (KIT)
The bwForCluster for quantum science research at the University of Ulm
The bwForCluster BinAC bioinformatics supercomputer at the University of Tübingen
Reports continued Wednesday when security investigator Felix von Leitner claimed in a Publication that a supercomputer housed in Barcelona, Spain, was also affected by a similar security issue and had to be shut down.
More incidents occurred the next day, Thursday. The first came from the Leibniz Computing Center (LRZ), an institute of the Bavarian Academy of Sciences, which said it disconnected a computer complex from the Internet following a security breach.
LRZ's announcement was followed later that day by another research center. The Julich Center in the German city of Julich said the JURECA, JUDAC and JUWELS supercomputers had to be shut down following a "security incident".
New violations appeared and today Saturday. The German scientist Robert Helling he published an analysis of malware infecting a high-performance computer complex at the School of Physics at Ludwig-Maximilians University in Munich, Germany.
The Swiss Center for Scientific Computations (CSCS) in Zurich, Switzerland closed also external access to its supercomputer infrastructure after a "cyber-incident" and "until it restores a secure environment".
None of the above posted details of the invasions. Earlier today, however, the Computer Security Incident Response Team (CSIRT) for the European Grid Infrastructure (EGI), a pan-European organization that coordinates supercomputer research across Europe, launched samples of malware from some of these incidents.
The malware samples were tested today by Cado Security, a US-based cyber security company. The company said the attackers appeared to have gained access to the supercomputers' clusters through compromised SSH credentials.
Credentials appear to have been stolen by university members who have access to supercomputers. The incoming SSH connections came from universities in Canada, China and Poland.
Chris Doman, co-founder of Cado Security, told ZDNet today that while they don't officially exist data confirming that all of these intrusions have been carried out by the same group, the identical names of the malware files suggest that this is highly likely.
According to Doman analysis, once intruders gain access to a supercomputer node, they use an exploit for vulnerability CVE-2019-15666 which helps them gain root access. Then they installed an application for mining Monero (XMR).
It should be noted that many of the supercomputers that have stopped operating have given priority to COVID-19 research, which of course has now stopped as a result of the invasion.