EU Supercomputers Intended for COVID-19 Research Hijacked for Crypto Mining
EU supercomputers programmed to develop a vaccine for the deadly coronavirus, or COVID-19, were remotely hijacked last week for mining crypto.
According to a report by ZDNet, numerous supercomputers across the European Union were compromised in a series of malware attacks and shut down after it was discovered they were being used for crypto mining, otherwise known as cryptojacking. The hackers had gained access with stolen SSH (remote access) credentials from individuals authorized to operate the machines.
Security researcher Chris Doman, co-founder of Cado Security, told ZDNet that the malware was developed to leverage the supercomputers’ processing power to mine Monero (XMR). It is also said that a number of the compromised supercomputers were being used to prioritize research for a COVID-19 vaccine, although details about the hacks and the computers’ purpose seem to have been deliberately obscured.
Security incident reports came from Germany, the U.K. and Switzerland. A potential hijack is also said to have taken place at a high-performance computer located in Spain.
The first reported incident occurred on May 11 at the University of Edinburgh, which operates the ARCHER supercomputer. “Due to a security exploitation on the ARCHER login nodes, the decision has been taken to disable access to ARCHER while further investigations take place,” the university stated in a public update.
To date, the ARCHER supercomputer is still down, awaiting further security purges as well as a reset of its system and passwords. “The ARCHER and Cray/HPE System Teams continue to work on ARCHER and getting it ready to return to service. We anticipate that ARCHER will be returned to service later this week,” the university stated.
Spate of breaches
Germany-based bwHPC, an organization which coordinates research projects across supercomputers in the state of Baden-Württemberg, stated that five of its high-performance computing clusters had to be shut down due to similar “security incidents.”
A supercomputer in Barcelona, Spain, was also affected on May 13, with researcher Felix von Leitner claiming in a blog post that the computer had a security issue and had to be shut down.
On May 14, further incidents were reported, with the first one coming from Leibniz Computing Center (LRZ), an institute with the Bavarian Academy of Sciences. The Academy announced that it had to disconnect a computing cluster from the internet after finding a security breach.
On Saturday, German scientist Robert Helling released an analysis of the malware that was infecting a high-performance computing cluster at the Faculty of Physics at the Ludwig-Maximilians University in Munich, Germany.
And in Switzerland, the Swiss Center of Scientific Computations (CSCS) in Zurich also had to shut down access to its supercomputers, reporting a “cyber-incident” on Saturday.
Such incidents have taken place in the past. Earlier this year, a group of hackers known as “Outlaw” started to infiltrate Linux-based enterprise systems in the U.S. in order to hijack personal computing power and mine XMR.