European Supercomputers used for COVID Treatment Hacked By Crypto-Miners


By Benson Toti

A series of supercomputers across Europe have been hacked by an unknown group.

In the past week, an unknown group of hackers has infiltrated supercomputers across Europe and installed cryptocurrency mining software.

More than a dozen supercomputers in the UK, Germany, Spain and Switzerland fell victim to the hack. As a result, many were taken offline and completely shut down.

On Monday, German organisation bwHPC published a message announcing that five of their supercomputers had been compromised due to the cryptominer infection:

“Dear users, due to an IT security incident the state-wide HPC systems bwUniCluster 2.0, ForHLR II, bwForCluster JUSTUS, bwForCluster BinAC, and Hawk are currently not available. Our experts are already working on an assessment of the problem.”

It is believed that the first system the hackers targeted was ‘Archer’, a supercomputer based at the University of Edinburgh that was being used to conduct research on the COVID-19 pandemic.

The people behind the attacks managed to gain access to the supercomputers in question by obtaining login credentials from networks that had already been compromised in China and Poland.

Cado Security, a software platform for digital forensics and cyber-security incidents, explained that it is common practice for users at different high-performance computing facilities to have login access to other institutions as well, which makes it easier for attackers to move from one compromised system to another.

In two of the incidents, the group behind the attacks connected to the supercomputers through a compromised SSH account. They then exploited a vulnerability in the Linux kernel to gain root access and installed Monero (XMR) cryptomining software.

To prevent the software from being discovered, the hackers set it to run only at night.

The true motivation behind this string of attacks remains unknown. While profit from installing the Monero mining script is the most obvious answer, it is noteworthy that a majority of the supercomputers and systems targeted were involved in the research and analysis of the coronavirus. Some believe that access to this information could have been the primary motivation, with a nation-state actor orchestrating the attacks.