SuperComputers in several countries across Europe, including Germany, Switzerland, Spain, and the UK, have reported cyber Cryptojacking attacks on their systems, and have been working to remove the threat. To understand the Cryptojacking read my article Cryptojacking: Awareness, Detection, And Prevention.
Many supercomputers across Europe that are working on COVID-19 research have been targeted by cryptocurrency-mining attacks over the past month
The UK’s National Supercomputing Service ARCHER was the first to announce that it’d disabled access to its system following the exploitation of its login nodes.
The bwHPC, the organization that coordinates research projects across supercomputers in the state of Baden-Württemberg, Germany, also announced that five of its high-performance computing clusters had to be shut down due to similar "security incidents." This included:The Hawk supercomputer at the High-Performance Computing Center Stuttgart (HLRS) at the University of Stuttgart and supercomputers of many institutes including Ulm UniversityKarlsruhe Institute of Technology (KIT)Tübingen University.Cryptojacking attacks also reported in Switzerland and Spain.
The malware samples released by the Computer Security Incident Response Team were reviewed by a US-based cyber-security firm. The Computer Security Incident Response Team, or CSIRT, is a pan-European organization that coordinates research on supercomputers across Europe.
The cyber-security company said the attackers appear to have stolen university members’ SSH credentials in Canada, China, and Poland in order to gain access to the supercomputer clusters. Secure Shell, or SSH, is a cryptographic network protocol for operating network services securely over an unsecured network.
Chris Doman, Co-Founder of Cado Security explained that:
“Once attackers gained access to a supercomputing node, they appear to have used an exploit for the CVE-2019-15666 vulnerability to gain root access and then deployed an application that mined the Monero (XMR) cryptocurrency.”
These type of attacks on insitutions aren't the first time that crypto-mining malware has been installed on a supercomputer.
For example, in February 2018, Russian authorities arrested engineers from the Russian Nuclear Center for using the agency's supercomputer to mine cryptocurrency.