Several supercomputers in Europe have been hacked in the past few days. The attackers are thought to have used these supercomputers to mine Monero (XMR).
A massive attack was carried out on supercomputers based in Germany, the UK and Switzerland. The events first surfaced with an announcement from the University of Edinburgh on Monday. The university explained that a “vulnerability in the input nodes” of the supercomputer known as ARCHER had been detected and that the system had been disabled. Authorities had to reset their SSH passwords to prevent the attack.
The attacks were not limited to this. An organization called bwHPC in Germany also made a statement on Monday, announcing that five different supercomputers in Germany had been shut down due to “vulnerabilities” similar to those in the UK.
Security chief Felix von Leitner shared a blog post on Wednesday, two days after these events. Leitner said that a supercomputer in Spain was also affected by these attacks and had to be shut down as well.
The Leibniz Computer Center, which is affiliated with the Bavarian Academy of Sciences, published a report on Thursday and announced that they had to disconnect a computer from the Internet.
Just a few hours after this announcement from the Bavarian Academy of Sciences, the Julich Research Center in Germany also announced that the supercomputers JURECA, JUDAC and JUWELS had been shut down.
But the events were not limited to this. The Swiss National Supercomputing Center (CSCS) also announced that it had closed external access to the supercomputer under its control for a while.
How did they attack?
None of the organizations named above gave a detailed explanation of exactly how these supercomputers were hacked. However, the Computer Security Incident Response Team, which is affiliated with the European Grid Infrastructure, released a report on how these attacks might have occurred. In addition, a cyber security firm called Cado Security in the U.S. has researched these attacks. According to ZDNet, the research conducted by these organizations gives some clues as to how these attacks might have occurred.
Research shows that the attackers hacked these supercomputers by obtaining SSH login information. Although it is not known exactly how the attackers obtained this information, it is thought that they might have stolen it from faculty members who have access to these computers. According to Chris Doman, one of the founders of Cado Security, there is not yet enough evidence to say that these computers were hacked by the same attackers. However, the similarities between the files used in the attacks indicate that the attacks may have been organized together.
According to Doman’s research, the attackers exploited the CVE-2019-15666 vulnerability after infiltrating these supercomputers and started using them to mine Monero (XMR). However, since there is no exact information about the attacks, some researchers say that the attack could also have been used for Bitcoin mining.