Supercomputers across Europe were hacked to exploit virtual money

The attack forced these supercomputers, including a supercomputer participating in research on Covid-19, to be shut down to conduct investigations and remediate consequences.

A series of supercomputers in Europe, including at least one supercomputer being used to study Covid-19, were shut down completely last week due to hackers secretly installing cryptocurrency mining malware. into these machines.

Starting early last week, ARCHER supercomputers in the UK and other high-performance computers in Germany and Switzerland have been shut down in response to this cyberattack. " We now believe this is a serious problem for the entire research community as a whole series of computers have been compromised in the UK and elsewhere in Europe ." The ARCHER managers said.

Supercomputers across Europe were hacked to exploit virtual money Picture 1

Although no organization has published details about the incident, the security research group CSIRT (Computer Security Incident Response Team) of EGI (European Grid Infrastructure) has revealed the source of the problem: a hacker group. stole remote access to these supercomputers to mine the Monero virtual currency.

To gain remote access, a hacker group first invades computers belonging to academic institutions that often use supercomputers to research. These computers often contain keys that allow Secure Shell (SSH) remote access to these high-performance computers.

" Attackers are moving from victim to victim using compromised SSH credentials ." EGI said. Tracking IP addresses to host attacks shows that they are from China, Poland and Canada, but connections seem to take place within the compromised computers or through servers belonging to about Tor Networks, so it is difficult to say exactly who was responsible for this incident.

Security firm Cado Security also investigated a sample of malware used in the attack, and found evidence that hackers have found a way to mine malware to mine their cryptocurrency on an American supercomputer.

Malware-infected supercomputers in Europe, meanwhile, are still trying to push hackers out of their systems. The ARCHER supercomputer, which has tools for researching Covid-19, hopes to be able to resume operations this week.

" When ARCHER returns to service, all users will be required to use two-factor authentication to access the service: an SSH key with a passphrase and their ARCHER password ." The supercomputer administrator said on Monday. " It is imperative that you do not reuse the password or the SSH key with the previously used passphrase ."