Cyber Attack On Supercomputers To Mine Cryptocurrency
Over the past week, one after another, supercomputers in Europe closed access for users from scientific and research centers in different countries. Computing centers in Germany, Switzerland, Spain and the UK were temporarily unavailable.
The cause is clear: hackers had broken into supercomputers across Europe. Their aim? Hidden cryptocurrency mining.
First things first.
What happened?
The first official comment on the reasons for the mass restrictions on access came from CSIRT (the Computer Security Incident Response Team). It was the first to notice an abnormal increase in CPU load (the average system load over a period of time). Why did this happen? Hackers had installed Monero mining programs on the supercomputer servers, so the system's load characteristics changed and showed an abnormal increase.
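The detection signal described above, a sustained rise in the load average, is easy to check for in monitoring data. The following is an added example, not code from this post or from CSIRT: it builds a robust baseline from per-core load samples and flags runs that stay far above it. The sample series is constructed.

```python
"""Flag sustained load-average anomalies like the ones CSIRT noticed.

Assumes one reading per minute (e.g. the first field of /proc/loadavg)
divided by the core count, so nodes of different sizes share one scale.
"""
from statistics import median
from typing import List, Tuple

# Constructed sample: per-core 1-minute load on a busy batch node.
# Steady jobs at ~0.6 per core, then a miner pins every core for the
# last ten minutes.
SAMPLES = [0.58, 0.61, 0.60, 0.57, 0.63, 0.59, 0.62, 0.60, 0.58, 0.61,
           0.60, 0.59, 0.62, 0.61, 0.58, 0.60, 0.63, 0.59, 0.61, 0.60,
           0.97, 0.99, 1.01, 1.00, 0.98, 1.02, 0.99, 1.00, 1.01, 0.99]


def robust_baseline(window: List[float]) -> Tuple[float, float]:
    """Median and MAD of a window; a few real job spikes do not skew it."""
    med = median(window)
    mad = median(abs(x - med) for x in window)
    return med, max(mad, 0.01)  # floor avoids dividing by ~0 on flat data


def find_anomalies(samples: List[float], baseline_len: int = 20,
                   z_thresh: float = 6.0, min_run: int = 5):
    """Return (start, end) index ranges where load stays more than
    z_thresh robust sigmas above the baseline for at least min_run
    consecutive samples. The first baseline_len samples are assumed clean."""
    med, mad = robust_baseline(samples[:baseline_len])
    runs, start = [], None
    for i, x in enumerate(samples):
        z = 0.6745 * (x - med) / mad  # MAD scaled to ~1 sigma for normal data
        if z > z_thresh:
            start = i if start is None else start
        elif start is not None:
            if i - start >= min_run:
                runs.append((start, i - 1))
            start = None
    if start is not None and len(samples) - start >= min_run:
        runs.append((start, len(samples) - 1))
    return runs


if __name__ == "__main__":
    print(find_anomalies(SAMPLES))  # [(20, 29)]
```

A short spike from a legitimate job fails the min_run test and is ignored; only a miner-style plateau is reported.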
The first victim was ARCHER, a high-performance computer at the University of Edinburgh. Its operators immediately closed access to the Scottish supercomputer; in addition, all user SSH passwords were reset and the IP whitelist was invalidated.
Then the same thing happened to the bwHPC computing center in Germany, which also closed access for the research laboratories of the universities in Stuttgart, Karlsruhe, Ulm and Tübingen.
Later, hackers broke into the supercomputers in Barcelona and continued their attacks in Germany. The final blow was the hacking of the high-performance computing center in Zurich, Switzerland.
One interesting fact is that the hacked organizations gave no details about the attack. Only CSIRT, the organization that coordinates the supercomputers' research process, published malware samples, together with additional data on other similar incidents.
The next to analyze the malware was the company Cado Security. According to its published conclusions, the hackers gained access to the systems using compromised user credentials. They assume the credentials were stolen from users in China, Poland and Canada who had access to the centers of other universities.
After logging in, the hackers gained root access through an exploit for the vulnerability CVE-2019-15666, which let them freely deploy the hidden Monero mining program.
So far, researchers cannot say whether it was a coordinated attack. However, similar malware file names and network indicators suggest that the attacks were carried out by the same group.
This is the first "external hacking" incident in the history of supercomputers. Until now, hidden-mining incidents were internal: some researchers installed the miners themselves using their legitimate access.
Is it a global conspiracy?
It is worth noting that many of the organizations whose supercomputers were attacked are engaged in COVID-19 research. As a result, there is a theory that the hackers wanted to steal the results of this research or simply sabotage it.
What do you think? What documents could the researchers have produced at the beginning of the pandemic? Is there a high risk that third parties stole them?
Or is this just an assumption with no real foundation? We have to find out the truth!