Around a dozen supercomputers being used across Europe to research the Covid-19 virus have been hit by hackers using them to mine cryptocurrency.
Computers in several countries across the continent, including Germany, Switzerland, Spain and the UK, have reported breaches on their systems, and have been working to remove the threat.
In Germany, five of the country’s supercomputers had to be shut down due to the cryptominin incident .
Security researcher Robert Helling wrote in a blog post: “In the last few days, there was news that several big academic high-performance computing centres had been hacked.
“Here in Munich, LRZ, the Leibniz Rechenzentrum was affected but also computers at the LMU faculty of physics.”
- Cyber-Attack Hits Sovereign Wealth Fund Norfund for $10M
- Conspiracy Theorists Take Over Glastonbury 5G Safety Report
- Online Sites Given One Hour to Remove Harmful Content Under French Law
The hackers supposedly exploited a Secure Shell (SSH) connection, used by academic researchers to log in to the system remotely.
Once inside, the attackers used the power of the computer and deployed cryptocurrency-mining malware.
ESET cybersecurity specialist Jake Moore told welivesecurity.com: “What’s interesting about this is that it seems hackers have targeted the supercomputers completely remotely for the first time, as before there has always been an insider who installs the crypto mining malware used for the attack.
“All the SSH login credentials will now need resetting, which may take a while, but this is vital to stop further attacks.”
He added: “Once a list of credentials is compromised, it is a race against time to have these reset. Unfortunately, the lead time is usually enough of a head start for threat actors to take advantage of the mining software.”
The University of Edinburgh reported an issue on its ARCHER supercomputer. As a result, the ARCHER system was shut down and the university forced to reset SSH passwords to prevent further issues. The university says the attacks was not related to the crypto-mining
In a statement a spokesman for the university commented: “The University of Edinburgh, through its supercomputing centre, EPCC, is currently investigating an issue relating to the UK National Supercomputing Service, ARCHER, that has required access to be temporarily suspended.
“On the 11th May 2020 our technology partners were notified of a potential issue that indicated some user accounts may have been misused to gain unauthorised access to the service.
“Investigations by our technical teams confirmed that a small number of user accounts had been affected so the decision was taken to disable access to allow further work to confirm the extent of the issue.
“University teams have been working with specialists from our technology partners and the National Cyber Security Centre to understand and recover from the issue. As a result the ARCHER service will return to service on 22nd May 2020 for all users.
“No evidence has been found to suggest that any research, client, or personal data has been impacted by this issue and all relevant stakeholders have been updated.”
The team now say that they “continue to work on ARCHER” and are preparing for a return to service “later this week.”
In a statement, the NCSC said: “We are aware of this incident and are providing support.
“The NCSC works with the academic sector to help it improve its security practices and protect its institutions from threats.”