Supercomputers hacked all over Europe for Monero mining

Many Supercomputers across Europe were infected this week with malware cryptocurrency mining and stopped operating to investigate the intrusions.

Incidents have been reported in the United Kingdom, Germany and Switzerland, and a similar raid is rumored to have taken place at a high-performance computer center in Spain.

Hawk at Stuttgart High-Performance Computing Center (HLRS)
Hawk High-Performance Computing Center Stuttgart (HLRS)

Η first report της επίθεσης εμφανίστηκε τη Δευτέρα από το Πανεπιστήμιο του Εδιμβούργου, το οποίο διαχειρίζεται τον υπερυπολογιστή ARCHER. Το Πανεπιστήμιο ανέφερε μια “εκμετάλλευση ασφάλειας στους κόμβους σύνδεσης του ARCHER”, και έκλεισε το σύστημα ARCHER για περαιτέρω διερεύνηση της επίθεσης. Άλλαξε τους ς πρόσβασης μέσω SSH για να αποτρέψει άλλες εισβολές.

BwHPC is an organization that coordinates supercomputer research projects in Baden-Württemberg, Germany, and he said also on Monday that five of the high-performance computer clusters had to be shut down due to similar "security incidents":

The Hawk supercomputer at the Stuttgart High-Performance Computing Center (HLRS) at the University of Stuttgart
BwUniCluster 2.0 and ForHLR II clusters at the Karlsruhe Institute of Technology (KIT)
The bwForCluster for quantum science research at the University of Ulm
The bwForCluster BinAC bioinformatics supercomputer at the University of Tübingen

Reports continued Wednesday when security investigator Felix von Leitner claimed in a Publication that a supercomputer housed in Barcelona, ​​Spain, was also affected by a similar security issue and had to be shut down.

More incidents occurred the next day, Thursday. The first came from the Leibniz Computing Center (LRZ), an institute of the Bavarian Academy of Sciences, which said it disconnected a computer complex from the Internet following a security breach.

LRZ's announcement was followed later that day by another research center. The Julich Center in the German city of Julich said the JURECA, JUDAC and JUWELS supercomputers had to be shut down following a "security incident".

New violations appeared and today Saturday. The German scientist Robert Helling he published an analysis of malware infecting a high-performance computer complex at the School of Physics at Ludwig-Maximilians University in Munich, Germany.

The Swiss Center for Scientific Computations (CSCS) in Zurich, Switzerland closed also external access to its supercomputer infrastructure after a "cyber-incident" and "until it restores a secure environment".

None of the above have released details of the hacks. However, earlier today the Computer Security Response Team ( Security Incident Response Team or CSIRT) for the European Grid Infrastructure (EGI), a pan-European organization that coordinates supercomputing research across Europe, has released samples of malware from some of these incidents.

The malware samples were tested today by Cado Security, a US-based cyber security company. The company said the attackers appeared to have gained access to the supercomputers' clusters through compromised SSH credentials.

Credentials appear to have been stolen by university members who have access to supercomputers. The incoming SSH connections came from universities in Canada, China and Poland.

Chris Doman, co της Cado Security, ανέφερε σήμερα στο ZDNet ότι, αν και δεν υπάρχουν επίσημα στοιχεία που να επιβεβαιώνουν ότι όλες αυτές οι εισβολές έχουν πραγματοποιηθεί από την ίδια ομάδα, τα πανομοιότυπα ονόματα των αρχείων του κακόβουλου λογισμικού υποδηλώνουν ότι αυτό είναι πολύ πιθανό.

According to Doman analysis, once intruders gain access to a supercomputer node, they use an exploit for vulnerability CVE-2019-15666 which helps them gain root access. Then they installed an application for mining Monero (XMR).

It should be noted that many of the supercomputers that have stopped operating have given priority to COVID-19 research, which of course has now stopped as a result of the invasion.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).