Over the past week, there have been several hacker attacks on Europe’s supercomputers. The attackers tried to circumvent the security of the machines to mine Monero cryptocurrencies.
The act of digital vandalism featured several successive attacks on supercomputers from at least four universities in Europe. As a precaution, the machines were then temporarily deactivated to carry out safety measures.
Hackers invade several supercomputers in Europe
A group of hackers broke into several supercomputers in Europe. The attacks took place from last Monday, the 11th, until Saturday, the 16th. The invasion was characterized by successive attacks in an attempt to violate the security of supercomputers to carry out computer crime.
At least four universities in Europe have seen their machines attacked, and a fifth case is still being investigated by the authorities.
As a preventive action, the supercomputers were temporarily deactivated in order to change passwords and carry out security checks.
The first supercomputer to be attacked was the ARCHER, the machine from the Center for Engineering and Computer Sciences at the University of Edinburgh, Scotland. According to the university, it was necessary to turn off the machine after detecting suspicious movements in the login system. The SSH keys were reset to block access and prevent further intrusions and the investigation of the case was then initiated.
That same day, five more machines were compromised in Germany, in a group of universities in the state of Baden-Württemberg. This attack was similar to the previous one and affected institutions in Ulm, Stuttgart, Karlsruhe and Tübingen.
On Wednesday, May 13, there was a case that is still only suspicious, at the University of Barcelona, Spain. And on Thursday, the 14th, hackers attacked the Bavarian Academy of Sciences, the Technical University of Dresden, and even a research center in the city of Julich, Germany.
All supercomputers were turned off and were left without Internet access to prevent further attacks.
On Saturday, the 16th, Switzerland was the chosen target and the attacks were carried out on the Center for Scientific Computing at the University of Zurich. Hackers hacked into supercomputers and therefore forced administrators to move them to a secure environment without external connections.
The attacks were aimed at cryptocurrency mining
None of the universities revealed details about these attacks, indicating only that the research work that was being done in the institutions suffered delays with the closure of the machines.
But it was not until Sunday, the 17th, that the motives of the attackers were known. The security team at EGI, the European organization that coordinates research on supercomputers in Europe, confirmed that the attacks were aimed at mining cryptocurrencies.
Samples of bugs used to break into the machines have been revealed, and there are also reports that the attacks happened after the theft of access credentials from international students and members of the university.
EGI also said that these phishing scams targeted several investigators from around the world with remote access to supercomputers, using stolen access credentials that belonged to members in Poland, Canada, and China.
All attacks were similar, as were the names used in the malware files. This factor implied that it was an organized group of hackers, whose identity has not yet been revealed.
As soon as the attackers accessed the machines, they used a known flaw in the Linux kernel to install the malicious software that mined the Monero cryptocurrency.
The EGI appealed to the administrators of all these machines that have increased attention, pointing out that this is the first case of coordinated attacks on similar structures. The group also regretted all the work that was interrupted due to this incident, especially the research involved in COVID-19.
For now there is still no information about restarting the affected supercomputers.