
    Supercomputers hacked across Europe to mine cryptocurrency

    In the wake of attacks and cyber-security issues, several institutions and research facilities in the UK, Switzerland, Germany, and Spain have had their supercomputers compromised by attackers aiming to mine the Monero (XMR) cryptocurrency. The universities affected include:

    • The University of Edinburgh, the first to report a breach, which operates the ARCHER supercomputer. After its nodes were compromised, the organization shut down the ARCHER system to investigate and reset SSH passwords to prevent further attacks.

    • The high-performance computer at the Faculty of Physics, Ludwig-Maximilian University in Munich, Germany. Robert Helling, a German scientist, subsequently issued an analysis of the threat.

    Institutions and research facilities were not left out of the attacks.

    • The bwHPC, in the state of Baden-Württemberg, Germany, was hit badly by the intrusion: five of its computers, located at the University of Stuttgart, Karlsruhe Institute of Technology (KIT), Ulm University, and Tübingen University, were all shut down.

    • The Swiss Center of Scientific Computations (CSCS) in Zurich, Switzerland, as well as a supercomputer in Barcelona, Spain, were also caught up in the infection.

    Thursday brought two new reports: one from the Leibniz Computing Center (an institute under the Bavarian Academy of Sciences) and a second from the Jülich Research Center in the town of Jülich, Germany. The JURECA, JUDAC, and JUWELS supercomputers in Jülich were all shut down due to the “IT breach.”

    Compromised SSH logins gave attackers access

    The Computer Security Incident Response Team (CSIRT) for the European Grid Infrastructure (EGI), a pan-European organization that coordinates research on supercomputers across Europe, was called in to investigate the breaches. It released malware samples (obtained from infected institutions) as well as some network indicators of compromise. The samples were reviewed by Cado Security, a UK-based cyber-security firm.

    Analysis of the reviewed samples shows that the attacks were the result of compromised SSH credentials, which are suspected to have been stolen from university members in China, Poland, and Canada. With the stolen credentials, the attackers could log in to a supercomputer node, gain root access by exploiting CVE-2019-15666, and then deploy an application that mines the Monero (XMR) cryptocurrency.

    The co-founder of Cado Security said that “while there is no official evidence to confirm that all the intrusions have been carried out by the same group, evidence like similar malware file names and network indicators suggests this might be the same threat actor.”
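
A defender-side illustration of the entry point described above, added here and not taken from the article, EGI CSIRT or Cado Security: it scans sshd log lines for successful logins from networks not recorded for the account, and for single sources that log in as several accounts. The log lines, account names, addresses, baseline networks and the `fanout` threshold are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# sshd success line, e.g.
# "... sshd[2211]: Accepted password for bob from 203.0.113.7 port 51514 ssh2"
ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def parse_accepted(lines):
    """Yield (user, ip, method) for every successful sshd login line."""
    for line in lines:
        m = ACCEPTED.search(line)
        if m:
            yield m["user"], ipaddress.ip_address(m["ip"]), m["method"]

def review_logins(lines, baseline, fanout=2):
    """Return (new_source, shared_source) findings.

    new_source: logins from an address outside the networks recorded for the user.
    shared_source: addresses that logged in as `fanout` or more distinct accounts.
    """
    new_source, users_by_ip = [], defaultdict(set)
    for user, ip, method in parse_accepted(lines):
        users_by_ip[ip].add(user)
        nets = [ipaddress.ip_network(n) for n in baseline.get(user, [])]
        if not any(ip in net for net in nets):
            new_source.append((user, str(ip), method))
    shared = {str(ip): sorted(u) for ip, u in users_by_ip.items() if len(u) >= fanout}
    return new_source, shared

# Constructed sample data: documentation address ranges, invented account names.
BASELINE = {"alice": ["192.0.2.0/24"], "bob": ["192.0.2.0/24"], "carol": ["198.51.100.0/24"]}
SAMPLE_LOG = """\
May 11 02:58:01 login1 sshd[2104]: Accepted publickey for alice from 192.0.2.15 port 40112 ssh2: ED25519 SHA256:constructed
May 11 03:12:44 login1 sshd[2211]: Accepted password for bob from 203.0.113.7 port 51514 ssh2
May 11 03:13:02 login1 sshd[2219]: Failed password for dave from 203.0.113.7 port 51520 ssh2
May 11 03:14:30 login1 sshd[2230]: Accepted password for carol from 203.0.113.7 port 51533 ssh2
May 11 09:00:12 login1 sshd[3001]: Accepted publickey for carol from 198.51.100.20 port 42200 ssh2: RSA SHA256:constructed
""".splitlines()

if __name__ == "__main__":
    new, shared = review_logins(SAMPLE_LOG, BASELINE)
    for finding in new:
        print("login from unrecorded network:", finding)
    for ip, users in shared.items():
        print("one source, several accounts:", ip, users)
```

Both findings are triage leads rather than proof of compromise: travel, VPNs and shared gateways produce the same pattern, so the baseline has to reflect how each site's users actually connect.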

    Sadly, this intrusion has impeded the research on COVID-19 being done by the affected universities.

    Recurrent incidents

    Incidents like these are not new, although this one was carried out by hackers; similar cases have been reported in the past. In 2018, arrests were made in Russia and investigations carried out in Australia, as employees were suspected of using the systems to mine cryptocurrency.

     

     

     

     
