UK's Archer supercomputer hacked to mine crypto

by Mark Tyson on 18 May 2020, 12:12

A series of cryptocurrency-mining malware discoveries swept through Europe last week. The incidents were significant because they appeared to target supercomputers dotted around the continent. According to a ZDNet report published this weekend, there are indications that the Monero (XMR) mining malware was planted across Europe by the same threat actor.

This time last week the University of Edinburgh's Archer supercomputer was shut down so that sysadmins could investigate and reset SSH passwords. On the same day, five bwHPC supercomputers in Germany closed due to similar incidents. Wednesday saw a similar supercomputer hacking story unfold in Barcelona. On Thursday similar incidents were noted in Bavaria, Dresden, and Julich, Germany. Saturday brought more investigations, shutdowns and cleanup operations in Munich, Germany and Zurich, Switzerland.

The Computer Security Incident Response Team (CSIRT) for the European Grid Infrastructure (EGI), a European investigative and research body, released malware samples and network compromise indicators for some of the incidents noted above. These have since been reviewed by other security researchers, and it appears that the attackers gained access to the supercomputers via compromised SSH credentials. The credentials were observed to belong to universities in Canada, China, and Poland.

Cado Security told ZDNet that the attacker(s) appear to have used an exploit for the CVE-2019-15666 vulnerability to gain root access and then deployed an application that mined the Monero (XMR) cryptocurrency.

We don't know how much XMR the hackers might have gained from their crypto-mining malware, but many of the organisations where the supercomputers are situated were prioritising research on the Covid-19 outbreak, says the ZDNet report. These are the first reported incidents of third-party hackers installing cryptocurrency miners on a supercomputer; previously reported incidents have always been of an internal nature, usually an employee trying to earn a five-finger bonus.

Researchers are investigating similar supercomputer compromises in the US.

HEXUS recently wrote about the UK's upcoming Archer 2 supercomputer, featuring 12,000 AMD Epyc Rome CPUs.



HEXUS Forums :: 15 Comments

They earnt 27p for a month's worth of mining…
;)
3dcandy
They earnt 27p for a month's worth of mining…
;)

Ah but someone else's 'leccy.

Minus the bribes, minus the hardware and specialist costs for malware deployment, minus the research time, minus the flights, hotels, etc….

…damn, I lost a lot of money.
I'm sure it's serious but all I can think is … Danger Zone
Peter Parker
I'm sure it's serious but all I can think is … Danger Zone

*Dons aviator sunglasses….

“HIIIIIIIIIIIIGH-WAAAAAAAAAAYYYY TOOOOOO THAAAAAAA DAN-GER ZOWNNNNNNNNNE!!!” :cool:
Ttaskmaster
*Dons aviator sunglasses….

“HIIIIIIIIIIIIGH-WAAAAAAAAAAYYYY TOOOOOO THAAAAAAA DAN-GER ZOWNNNNNNNNNE!!!” :cool:

Pretty much what came into my head just now.