More than a dozen supercomputers in Germany, the UK, Switzerland, and Spain were targeted by a group of hackers to mine crypto, with many being taken offline as a result of the hacks. The first system that was targeted is believed to be “Archer,” a supercomputer at the University of Edinburgh. Archer was being used to perform analysis of coronavirus research before being taken offline.
The hacker group stole login credentials to hack into the system.
The hacker group reportedly gained access to the targeted supercomputers by stealing login credentials from compromised networks at universities in China and Poland. According to cybersecurity firm Cado Security, it is quite common for users at different high-performance computing facilities to have logins for other institutions, making it easy for attackers to gain access. In two incidents, the hacker group connected to the supercomputers using a compromised SSH account. It then exploited a vulnerability in the Linux kernel to gain root access and install Monero crypto mining software. The crypto mining software had been set up to run only at night to avoid the risk of getting caught.
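A defender-side check for the night-only mining pattern described above, as an added example that is not part of the original article: it flags account and command pairs that are CPU-busy on several nights but almost never by day. The sample format, the thresholds, the night window, and the names alice, bob, carol and kworkerd are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

NIGHT_START, NIGHT_END = 22, 6   # assumed night window (local time, hours)
BUSY_CPU = 80.0                  # assumed "busy" threshold, percent of one core

# Constructed samples, "ISO-timestamp user command cpu%" (not real telemetry).
SAMPLES = [
    f"2020-05-{d:02d}T{h:02d}:00:00 {u} {c} {cpu}"
    for d in range(11, 15)
    for h, u, c, cpu in [
        (1, "alice", "kworkerd", 98.5),   # busy every night
        (3, "alice", "kworkerd", 99.0),
        (14, "alice", "kworkerd", 0.4),   # idle by day
        (2, "bob", "gromacs", 97.0),      # legitimate job: busy night and day
        (13, "bob", "gromacs", 96.0),
        (23, "carol", "python3", 20.0),   # never busy
    ]
]

def is_night(ts):
    return ts.hour >= NIGHT_START or ts.hour < NIGHT_END

def night_key(ts):
    # A sample at 02:00 belongs to the night that began the previous evening.
    return ts.date() if ts.hour >= NIGHT_START else (ts - timedelta(days=1)).date()

def night_only_consumers(samples, min_nights=3, max_day_share=0.1):
    """Return sorted (user, command) pairs that are busy on at least
    min_nights distinct nights while rarely busy during the day."""
    nights = defaultdict(set)            # pair -> distinct nights with busy samples
    busy = defaultdict(lambda: [0, 0])   # pair -> [busy night samples, busy day samples]
    for line in samples:
        stamp, user, cmd, cpu = line.split()
        if float(cpu) < BUSY_CPU:
            continue
        ts = datetime.fromisoformat(stamp)
        key = (user, cmd)
        if is_night(ts):
            nights[key].add(night_key(ts))
            busy[key][0] += 1
        else:
            busy[key][1] += 1
    flagged = []
    for key, (n_night, n_day) in busy.items():
        share = n_day / (n_night + n_day)   # fraction of busy samples seen by day
        if len(nights[key]) >= min_nights and share <= max_day_share:
            flagged.append(key)
    return sorted(flagged)
```

A flagged pair is a lead for review against the scheduler's job records, since batch jobs can legitimately run overnight.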
Cyberattacks disrupted the research about the ongoing pandemic.
Most of the supercomputers that were attacked with crypto-mining malware were involved in research into the ongoing pandemic. A notification from the Swiss Center of Scientific Computations in Zurich referred to malicious activity that resulted in external access to the center being closed until security issues were fixed. The only visible motivation behind the hack was installing Monero mining malware to make some money, but it is also speculated that the attack could be a major attempt to disrupt research into the pandemic. If the ongoing coronavirus pandemic research on the targeted systems was simply a coincidence, it was certainly an unfortunate one, as these attacks disrupted current research into the pandemic.