Many Supercomputers across Europe were infected this week with malicious cryptocurrency mining software and stopped working to investigate the hacks.
Incidents have been reported in the United Kingdom, Germany and Switzerland, and a similar raid is rumored to have taken place at a high-performance computer center in Spain.
Η first report της επίθεσης εμφανίστηκε τη Δευτέρα από το Πανεπιστήμιο του Εδιμβούργου, το οποίο διαχειρίζεται τον υπερυπολογιστή ARCHER. Το Πανεπιστήμιο ανέφερε μια "εκμετάλλευση ασφάλειας στους κόμβους σύνδεσης του ARCHER", και έκλεισε το σύστημα ARCHER για περαιτέρω διερεύνηση της επίθεσης. Άλλαξε τους κωδικούς access μέσω SSH για να αποτρέψει άλλες εισβολές.
BwHPC is an organization that coordinates supercomputer research projects in Baden-Württemberg, Germany, and he said επίσης τη Δευτέρα ότι πέντε από τα συμπλέγματα υπολογιστών υψηλής απόδοσης έπρεπε να κλείσουν λόγω παρόμοιων "συμβάντων ασφαλείας":
The Hawk supercomputer at the Stuttgart High-Performance Computing Center (HLRS) at the University of Stuttgart
BwUniCluster 2.0 and ForHLR II clusters at the Karlsruhe Institute of Technology (KIT)
The bwForCluster for quantum science research at the University of Ulm
The bwForCluster BinAC bioinformatics supercomputer at the University of Tübingen
Reports continued Wednesday when security investigator Felix von Leitner claimed in a Publication that a supercomputer housed in Barcelona, Spain, was also affected by a similar security issue and had to be shut down.
More incidents appeared the next day, Thursday. The first came from the Leibniz Computing Center (LRZ), an institute of the Bavarian Academy of Sciences, which said it disconnected a cluster of computers from the Internet after a infringement security.
Την ανακοίνωση του LRZ ακολούθησε αργότερα την ίδια μέρα άλλη μια από διαφορετικό ερευνητικό κέντρο. Το κέντρο Julich στην πόλη Julich της Γερμανίας ανέφερε ότι έπρεπε να κλείσουν τους υπερυπολογιστές JURECA, JUDAC και JUWELS μετά από ένα "περιστατικό ασφάλειας".
New violations appeared and today Saturday. The German scientist Robert Helling he published an analysis of malware infecting a high-performance computer complex at the School of Physics at Ludwig-Maximilians University in Munich, Germany.
The Swiss Center for Scientific Computations (CSCS) in Zurich, Switzerland closed επίσης την εξωτερική πρόσβαση στην υποδομή των υπερυπολογιστών του μετά από ένα "κυβερνο-συμβάν" και "μέχρι να αποκαταστήσει ένα ασφαλές περιβάλλον".
None of the above posted details of the invasions. Earlier today, however, the Computer Security Incident Response Team (CSIRT) for the European Grid Infrastructure (EGI), a pan-European organization that coordinates supercomputer research across Europe, launched samples of malware from some of these incidents.
The malware samples were tested today by Cado Security, a US-based cyber security company. The company said the attackers appeared to have gained access to the supercomputers' clusters through compromised SSH credentials.
The credentials appear to have been stolen by university members accessing the supercomputers. The incoming ones connections SSH came from universities in Canada, China and Poland.
Chris Doman, co-founder of Cado Security, told ZDNet today that while there is no official evidence to suggest that all of these intrusions were carried out by the same team, the identical names of the malware files suggest that this is very likely. .
According to Doman analysis, once intruders gain access to a supercomputer node, they use an exploit for vulnerability CVE-2019-15666 which helps them gain root access. Then they installed an application for mining Monero (XMR).
It should be noted that many of the supercomputers that have stopped operating have given priority to COVID-19 research, which of course has now stopped as a result of the invasion.
