Crypto-Miners Take Out Supercomputers Working on #COVID19


Supercomputers across Europe appear to have been targeted by cryptocurrency miners over the past few days, forcing offline key IT resources working on COVID-19 research.

One of the first to report problems was the University of Edinburgh’s Archer supercomputer, which was taken offline last Monday after “a security exploitation on the Archer login nodes.”

Working with the National Cyber Security Centre (NCSC), the institution has been forced to rewrite all existing passwords and SSH keys. It is still down at the time of writing.

The Computer Security Incident Response Team (CSIRT) at the European Grid Infrastructure (EGI) organization revealed two potentially related security incidents in an analysis on Friday. In both, a malicious actor was blamed for targeting academic data centers for CPU mining.

“The attacker is hopping from one victim to another using compromised SSH credentials,” it explained.

The attackers were logging in from three compromised networks, at the University of Krakow in Poland, Shanghai Jiaotong University and the China Science and Technology Network. It has been claimed that some credentials are shared between academic institutions, making it easier for would-be attackers.

It’s also claimed that the attackers are exploiting CVE-2019-15666 for privilege escalation before deploying a Monero cryptocurrency miner.

Other institutions affected by the campaign include the Swiss Center of Scientific Computations (CSCS), the bwHPC, which runs supercomputers across the German region of Baden-Württemberg, the University of Stuttgart’s HPE Hawk machine, the Leibniz Computing Center (LRZ) and an unnamed facility in Barcelona.

“What’s interesting about this is that it seems hackers have targeted the supercomputers completely remotely for the first time, as before there has always been an insider who installs the crypto-mining malware used for the attack,” argued ESET cybersecurity specialist, Jake Moore.

“All the SSH login credentials will now need resetting, which may take a while, but this is vital to stop further attacks. Once a list of credentials is compromised, it is a race against time to have these reset. Unfortunately, the lead time is usually enough of a head start for threat actors to take advantage of the mining software.”


All Rights Reserved - © Copyright 2020 - Vox Messenger (a Division of Kryotech Ltd.)