Europe-wide supercomputers hacked into crypto mining attack

Cryptocurrency and security define attempts to access digital currencies by illicit means. Means like hacking, or steps to avoid unauthorized cryptocurrency transactions, and storage technologies. In extreme cases, it is possible to hack even a machine that is not connected to any network. Recently, several European supercomputers were hacked with cryptocurrency mining malware attacks. They shut down to investigate the intrusions. Security breaches were found in the UK, Germany, and Switzerland, while similar intrusions have also been reported in Spain’s high-performance computing center.

“Hawk shut down due to a security incident”

On May 11, a research institute, and a Stuttgart-based supercomputer center, High-Performance Computing Center (HLRS), posted this saying

Hawk is the institute ‘s main supercomputer. Hawk is an HPE Apollo 9000 Machine with a peak performance of about 26 Petaflops and is among the fastest supercomputers in the world.

Only the Bavarian Academy of Sciences and Humanities near the Leibniz Supercomputing Center in Munich admitted that hackers had targeted their networks. Therefore we have disconnected the affected devices from the outside world for safety’s sake. Attacks using stolen user account details have compromised the systems.

Earlier Cyber-attack Event

In previous cases it was usually an employee who mounted the cryptocurrency miner for his own personal gain. For example, Russian authorities arrested Russian Nuclear Center engineers in February 2018. They arrested for using the agency’s supercomputer to mine cryptocurrency. A month later, at the Meteorology Office, Australian officials started an investigation into a similar case where workers used the supercomputer of the department to mine cryptocurrency.

Data Attackers Captured

Attackers gained access through SSH logins. Evidence such as common names of malware files and network indicators shows that this could be the same threat actor.

According to the study by Doman, attackers got access to a supercomputing node. And can obtain root access and then deploy an application that mines the cryptocurrency Monero (XMR).

However, bwHPC announced five of its high-performance computing clusters affected:

• The Hawk Supercomputer at Stuttgart University High-Performance Computing Center (HLRS)
• At Karlsruhe Institute of Technology (KIT) the bwUniCluster 2.0 and ForHLR II clusters
• The Ulm University bwForCluster JUSTUS chemical and quantum science supercomputer
• The bioinformatics supercomputer BwForCluster BinAC at University of Tübingen

European supercomputers hacked by cryptocurrency mining malware

Recently, Europe-wide supercomputers were hacked by a not known attacker that implements cryptocurrency mining tools. Almost more than a dozen supercomputers were targeting in Germany, the UK, Switzerland,x, and Spain, with many getting hold offline due to this malware attack. The first targeted system is to be Archer. Archer is a supercomputer at the University of Edinburgh which is being to carry out an analysis of covid19 research. Those behind those attacks that gaining access to the supercomputers by hacking login details from compromised or unsecured networks at Poland and China universities. As per Cado Security, logging in to other institutions is common for users at various high-computing facilities makes it easier for attackers to access them.

In both of the security attacks, the attacker group after the attacks using an exploited SSH account. It is connecting to the supercomputers and then exploited CVE-2019-15666 vulnerability in the Linux kernel to gain root access. Then install Monero or XMR crypto-mining malware.

SSH logins are hacked, due to a crypto mining

Malware samples from the Computer Security Incident Response Team review a US-based information security firm. The Team for Computer Security Incident Response (CSIRT), is a pan-European organization that conducts supercomputer work across Europe.

The cyber-security firm said the attackers appear to have stolen SSH credentials from university leaders in Canada, China, and Poland to gain access to the supercomputer clusters.

Colleges were the primary offenders

Edinburgh University announced the initial incident on last Monday. Then the incident took place in Baden-Württemberg, at a German university.

Among the victims were clustering at the Leibniz Computing Center(LRZ), the Julich Research Center in the city of Julich in Germany, the Faculty of Physics at the Ludwig-Maximilians University, Munich, Germany and the Swiss Center for Scientific Computing or CSCS in Zurich, Switzerland.

Conclusion

Black Hat/Bad Hacking means using computers or other devices to perform criminal acts such as theft, the violation of privacy, the stealing of personal or corporate data, etc. Cybercrimes cost millions of dollars each year for many organizations. Businesses need to defend against these assaults.

Computer Security Incident Response Team, or CSIRT, is an organization that searches all over Europe for supercomputers. CSIRT also claims hackers have stolen SSH data from university users in countries like Canada, Poland, and China due to hack into supercomputers.

Furthermore, the UK-based ARCHER National Supercomputing Service also reported that its systems had “security exploitation” which led its administrators to rewrite passwords and secure shell (SSH) keys.

Read Next: Hackers steal sensitive information exploiting COVID-19 outbreak