Several supercomputers across Europe have been infected with cryptocurrency-mining malware and were shut down so the hacks could be investigated. Security incidents were reported in the UK, Germany, and Switzerland, while a similar intrusion is rumored to have occurred at a high-performance data center located in Spain.
The first report of a hack came from the University of Edinburgh, which runs the ARCHER supercomputer. The organization reported “operating a security system at the ARCHER entry nodes”, shut down the system for investigation, and reset passwords to prevent further intrusions.
The organization that coordinates research projects on supercomputers in the federal state of Baden-Württemberg (Germany) also announced that five of its high-performance computing clusters have been disconnected so far due to “security issues.”
None of the organizations gave details about the hacks. However, engineers reported that the Information Security Incident Response Team (CSIRT), which coordinates research using supercomputers across Europe, has published malware samples and additional data on some incidents.
A preliminary malware analysis was conducted by Cado Security. According to their findings, hackers gained access to the supercomputers using compromised user data. They suggested that credentials were stolen from employees in Canada, China, and Poland who had access to computer centers at other universities. So far, researchers cannot conclude that this was a centralized attack. However, similar malware file names and network identifiers indicate that the attacks were carried out by a single group.