Supercomputers across Europe have shut down after cyber attacks tried to take control of them. Several high-performance computers and data centres used for research projects have been shut down this week across Europe due to security incidents.
They have been taken offline due to hackers secretly installing cryptocurrency-mining malware on the machines.
About a dozen of these supercomputers are affected in Germany, United Kingdom, and Switzerland, leaving researchers unable to continue their work. It is thought some have been compromised since January.
Supercomputers are extremely powerful systems built on traditional hardware to perform high-speed computations. They are used mainly for scientific work and testing mathematical models for complex physical phenomena and designs.
Germany, United Kingdom, and Switzerland shut down Supercomputers
The first report of an attack became public on Monday 11 May from the University of Edinburgh, which runs the ARCHER supercomputer. The organisation reported “security exploitation on the ARCHER login nodes,” shut down the ARCHER system to investigate, and reset SSH passwords to prevent further intrusions.
Staff said they were working with the National Cyber Security Centre to restore the system, which had recently installed a pandemic modelling tool.
“We now believe this to be a major issue across the academic community as several computers have been compromised in the UK and elsewhere in Europe,” the team said.
The NCSC said: “We are aware of this incident and are providing support. “The NCSC works with the academic sector to help it improve its security practices and protect its institutions from threats.”
On 11 May, another attack shut down five supercomputers in Germany. Others followed elsewhere in Germany in the following days, as well as in Switzerland, and reportedly Barcelona.
On Saturday, the Swiss Centre of Scientific Computations (CSCS) informed its users that several high-performance computers and academic data centres can no longer be accessed due to malicious activity detected on the systems.
Purpose of the attack is not certain but the European Grid Infrastructure published details about two cyber attacks hitting academic data centres that appear to be the work of the same actor.
In both cases, the attacker was using compromised SSH credentials to hop from one host to another for mining cryptocurrency. Some hosts are used for mining, others are proxies for connecting to the mining server.
They exploited an Secure Shell (SSH) connection, which academic researchers use to log in to the system remotely.
And once inside, the attackers appear to have deployed cryptocurrency-mining malware.
The Computer Security Incident Response Team at European Grid Infrastructure found that in one case, the malicious mining activity is configured to run only during night hours, most likely to avoid detection.
This is not the first time that crypto-mining malware has been installed on a supercomputer, although it is the first time hackers have done this. In previous incidents, it was usually an employee who installed the cryptocurrency miner, for their own personal gain.