Research centers across Europe have been reporting malware infections in the supercomputers. The malware has infected supercomputers in Switzerland, Germany, the UK, and Spain. According to various reports, the malware is a crypto mining kind. As a result, the supercomputers had to be shut down as investigations about the intrusions are being conducted.
Supercomputer Malware Infections in Europe
The first report of a supercomputer being infected with the malware was in the UK at the University of Edinburgh. They released a report about the hack into the ARCHER supercomputer, which detailed how the hackers had exploited various login nodes to install the malware. The researchers were forced to shut down ARCHER as they conducted investigations and reset the SSH passwords.
On May 11, bwHPC, which oversees research across various supercomputers in Baden-Württemberg, Germany, made a similar announcement. The announcement revealed that five of its supercomputer clusters had been shut down due to malware infection.
The reports of malware infections in supercomputers continued on May 13, when Felix Von Leitner posted a blog post claiming a supercomputer in Barcelona, Spain, had been infected. As a result, it had been shut down.
On May 14, more incidents were reported. The first report was by the Leibniz Computing Center (LRZ), which is under the Bavarian Academy of Sciences. The center announced that it had shut down its supercomputer due to a malware infection. Later that day, the Julich Research Center in Julich, Germany, announced that it had shut down three of its computers after a security incident.
On May 16, more incidents were reported when Robert Helling, a scientist based in Germany published an analysis on malware that infected a supercomputer at the Ludwig-Maximilians University Faculty of Physics in Munich, Germany. On the same day, the Swiss Center of Scientific Computations (CSCS) in Zurich, Switzerland announced that it had shut down its external supercomputer infrastructure due to a security incident.
How the Hackers Infected the Supercomputers
Soon after the incidents, The Computer Security Incident Response Team (CSIRT) for the European Grid Infrastructure (EGI) released details about the malware infection. Cado Security, a cyber-security firm conducted a review of the details. The review revealed that the hackers gained entry into the supercomputers using compromised SSH credentials.
According to the review, the hackers obtained the login credentials from various university members who were running various operations using the supercomputers. The stolen credentials belonged to researchers in Canada, Poland, and China. Once the hackers accessed the login nodes, they installed malware that was used to mine Monero XRM.
What is worrying about the attacks is that they come at a time when researchers in Europe were prioritizing supercomputer resources to combat the COVID-19 outbreak. Their efforts have likely been set back due to the shutdowns.
Cryptojacking Malware is Not New
Cryptojacking malware is not new. For instance, soon after the passing on of Kobe Bryant, hackers took advantage of the death to install cryptojacking malware on people’s PCs. In October last year, researchers revealed that there was a new malware targeting Linux computers. However, it is the first time such a coordinated attack has been carried targeting supercomputers.
Thus far, it is not clear who is behind the attack. However, the resources and expertise required for such a massive attack would indicate that it is a well-funded organization, probably backed by a rogue state. It has not been revealed whether the hackers managed to mine any Monero XRM.
Monero popularity has grown over the years, especially among people that value privacy. Monero is believed to offer more privacy than Bitcoin in terms of transactions. The Monero infrastructure offers two benefits, "unlinkability" and untraceability." According to a report, Monero Cryptocurrency offers unlinkability by introducing "one time random addresses." Every time a sender initiates a new transaction to a recipient, a new one time random address is introduced per output. This makes it virtually impossible to link 2 addresses.
Monero Cryptocurrency offers untraceability by introducing "ring signatures." Ring signatures ensure that the sender is anonymously signing transactions.
Image Source: Pixabay