Coindesk News

EU Supercomputers Hijacked From COVID-19 Research to Mine Cryptocurrency

European supercomputers programmed to search for a vaccine for the deadly coronavirus (COVID-19) were remotely hijacked last week for the purpose of mining cryptocurrency.

According to a report by ZDNet, multiple supercomputers across the EU were compromised in a string of malware attacks and had to be shut down after it was discovered they were being used for crypto mining, also known as cryptojacking. The hackers had gained entry via stolen SSH (remote access) credentials from individuals authorized to operate the machines.

Security researcher Chris Doman, co-founder of Cado Security, told ZDNet that the malware was designed to use the supercomputers’ processing power to mine monero (XMR). It is also believed a number of the compromised supercomputers were being used to prioritize research for a coronavirus vaccine, although details surrounding the hacks and the computers’ purpose appear to have been left deliberately vague.

Security incident reports came from Germany, the U.K. and Switzerland, with a potential hijack also said to have occurred at a high-performance computer located in Spain.

The first reported incident took place on May 11 at the University of Edinburgh, which operates the ARCHER supercomputer. “Due to a security exploitation on the ARCHER login nodes, the decision has been taken to disable access to ARCHER while further investigations take place,” the university announced in a public update.

To date, the ARCHER supercomputer is still down pending further security purges, as well as a reset of its system and passwords. “The ARCHER and Cray/HPE System Teams continue to work on ARCHER and getting it ready to return to service. We anticipate that ARCHER will be returned to service later this week,” the university said.

Germany-based bwHPC, an organization that coordinates research projects across supercomputers in the state of Baden-Württemberg, declared five of its high-performance computing clusters had to be shut down due to similar “security incidents.”

A supercomputer located in Barcelona, Spain, was also impacted on May 13, with researcher Felix von Leitner declaring in a blog post that the computer had a security issue and had to be shut down.

On May 14, further incidents began cropping up, with the first one coming from the Leibniz Computing Center (LRZ), an institute of the Bavarian Academy of Sciences. The Academy said it had disconnected a computing cluster from the internet after its security was breached.

On Saturday, German scientist Robert Helling published an analysis of the malware that was infecting a high-performance computing cluster at the Faculty of Physics at the Ludwig Maximilian University in Munich, Germany.

And in Switzerland, the Swiss Center of Scientific Computations (CSCS) in Zurich also shut down external access to its supercomputer infrastructure following a “cyber-incident” on Saturday.

Similar incidents have occurred in the past. Earlier this year a group of hackers known as “Outlaw” began infiltrating Linux-based enterprise systems in the U.S. in order to hijack personal computing power and mine XMR.


News Sputnik

European Supercomputers Researching COVID-19 Outbreak Reportedly Hacked to Mine Cryptocurrency


Many of the supercomputers that suffered “security incidents” over the last week were reportedly being used for conducting research on the novel coronavirus outbreak, work that was apparently obstructed by the attacks.

Supercomputers in European countries including Germany, the UK and Switzerland were forced to shut down amid a series of intrusions made with the goal of installing cryptocurrency-mining malware, according to ZDNet. A similar “security incident” was reported from a high-performance computing centre in Spain. The shutdown of the supercomputers was reportedly seen as a means of restoring “a safe environment” and resetting passwords and credentials.

Several intrusions reportedly took place over the last week, beginning with a Monday attack reported by the University of Edinburgh running the ARCHER supercomputer and followed by similar reports from Germany, Spain and Switzerland. The attacks were aimed at nodes that control computing clusters, which were then apparently infected with malware. 

According to a European Grid Infrastructure (EGI) security team report, the attacks – originating in Poland and China – were carried out by stealing SSH credentials from authorized users. 

Chris Doman, co-founder of Cado Security, told ZDNet that there was no clear evidence that all attacks were conducted by the same group. The malware filenames and network indicators, however, suggest that the source of the threats could be the same.

According to Doman, hackers installed malware that mined the Monero (XMR) cryptocurrency after accessing the supercomputers’ controlling nodes using an exploit for the CVE-2019-15666 vulnerability, which allowed root access to the computers.

Several supercomputers targeted in the attacks, including Edinburgh’s ARCHER, were prioritizing COVID-19 research, work which has now likely been obstructed by the intrusion and the resulting shutdown.

Amid the ongoing COVID-19 pandemic, there have been many reports of hacker attacks directed at the World Health Organization and the Wuhan Institute of Virology, as well as possible security breaches and personal data protection issues involving the apps used to track those who have come into contact with COVID-19-positive victims.
