EU Supercomputers Hijacked From COVID-19 Research to Mine Cryptocurrency

Vaccine
19 May 2020

European supercomputers programmed to search for a vaccine for COVID-19 were remotely hijacked last week for the purpose of mining cryptocurrency.

According to a report by ZDNet, multiple supercomputers across the European Union were compromised by a string of malware attacks that required a shutdown after it was discovered they were being used for crypto mining – also known as cryptojacking. The hackers had gained entry via stolen SSH (remote access) credentials from individuals authorized to operate the machines.

Security researcher Chris Doman, co-founder of Cado Security, told ZDNet the malware was designed to use the supercomputers’ processing power to mine monero (XMR). It is also believed a number of the compromised supercomputers were being used to prioritize research for a coronavirus vaccine, although details surrounding the hacks and the computer’s purpose appear to have been left deliberately vague.

See also: Cryptojacking Malware Devs Sentenced to 20 Years in Prison

Security incident reports came from Germany, the U.K. and Switzerland, with a potential hijack also said to have occurred at a high-performance computer located in Spain.

The first reported incident took place on May 11 at the University of Edinburgh, which operates the ARCHER supercomputer. “Due to a security exploitation on the ARCHER login nodes, the decision has been taken to disable access to ARCHER while further investigations take place,” the university announced in a public update.

To date, the ARCHER supercomputer is still down pending further security purges, as well as a reset of its system and passwords. “The ARCHER and Cray/HPE System Teams continue to work on ARCHER and getting it ready to return to service. We anticipate that ARCHER will be returned to service later this week,” the university said.

Spate of breaches

Germany-based bwHPC, an organization that coordinates research projects across supercomputers in the state of Baden-Wurttemberg, declared five of its high-performance computing clusters had to be shut down due to similar “security incidents.

A supercomputer located in Barcelona, Spain, was also impacted on May 13, with researcher Felix von Leitner declaring in a blog post the computer had a security issue and had to be shut down.

On May 14, further incidents began cropping up with the first one coming from Leibniz Computing Center (LZR), an institute with the Bavarian Academy of Sciences. The Academy said it had disconnected a computing cluster from the internet after its security was breached.

See also: Thousands of Microsoft Servers Infected by Crypto-Mining Botnet Since 2018, Says Report

On Saturday, German scientist Robert Helling published an analysis on the malware that was infecting a high-performance computing cluster at the Faculty of Physics at the Ludwig-Maximillian University University in Munich, Germany.

And in Switzerland, the Swiss Center of Scientific Computations (CSCS) in Zurich also shut down external access to its supercomputer infrastructure following a “cyber-incident” on Saturday.

Similar incidents have occurred in the past. Earlier this year a group of hackers known as “Outlaw” began infiltrating Linux-based enterprise systems in the U.S. in order to hijack personal computing power and mine XMR.