Supercomputers in European countries including Germany, the UK and Switzerland were forced to shut down amid a series of intrusions made with the goal of installing cryptocurrency-mining malware, according to ZDNet. A similar "security incident" was reported from a high-performance computing centre in Spain. The supercomputers were reportedly shut down in response to the malware, as a means of restoring "a safe environment" and rewriting passwords and credentials.
Several intrusions reportedly took place over the last week, beginning with a Monday attack reported by the University of Edinburgh, which runs the ARCHER supercomputer, and followed by similar reports from Germany, Spain and Switzerland. The attacks were aimed at nodes that control computing clusters, which were then apparently infected with malware.
According to a European Grid Infrastructure (EGI) security team report, the attacks, originating in Poland and China, were carried out by stealing SSH credentials from authorized users.
Chris Doman, co-founder of Cado Security, told ZDNet that there was no clear evidence that all attacks were conducted by the same group. The malware filenames and network indicators, however, leave room to suggest that the source of the threats could be the same.
According to Doman, hackers installed malware that mined the Monero (XMR) cryptocurrency, after accessing the supercomputers' controlling nodes using an exploit for the CVE-2019-15666 vulnerability, allowing root access to the computers.
Several supercomputers targeted in the attacks, including Edinburgh's ARCHER, were prioritizing COVID-19 research, work which has now likely been obstructed by the intrusion and the resulting shutdown.
Amid the ongoing COVID-19 pandemic, there have been many reports of hacker attacks directed at the World Health Organization and the Wuhan Institute of Virology, as well as of possible security breaches and personal data protection issues revolving around the apps used to track those who have been in contact with COVID-19-positive victims.