Cyber security news for all

More

    Supercomputers hacked across Europe to mine cryptocurrency

    In the wake of attacks and cyber-security issues, several institutions and research facilities in the UK, Switzerland, Germany, and Spain have had their supercomputers hacked by hackers with the aim of mining the Monero (XMR) cryptocurrency. The Universities affected include:

    • The University of Edinburgh, the first to report a breach, which operates the ARCHER supercomputer. As a result, the organization shut down the ARCHER system to investigate and also reset SSH passwords; to prevent further attacks after it’s nodes were compromised.

     

    • The high-performing computer at the Faculty of Physics, Ludwig-Maximilian University in Munich, Germany. After which Robert Helling (German scientist) issued an analysis of the threat.

     

    Institutions and research facilities were not left out of the attacks.

    • The bwPHC, in the state of Baden-Württemberg, Germany, was hit badly by the intrusion as five computers of their computers located at the University of Stuttgart, Karlsruhe Institute of Technology (KIT), Ulm University, and Tübingen University respectively were all shut down).

     

    • The Swiss Center of Scientific Computations (CSCS) in Zurich, Switzerland, as well as a supercomputer in Barcelona, Spain, were also caught up with the infection.

     

    Thursday gave rise to two new reports: one from the Leibniz Computing Center (an institute under the Bavarian Academy of Sciences and the second was from the Julich Research Center in the town of Julich, Germany. The JURECA, JUDAS, and JEWELS (all supercomputers in Julich) were all shut down due to the “IT breach.”

    Compromised SSH LOGINS gave attackers access.

    The Computer Security Incident Response Team (CSIRT) for the European Grid Infrastructure (EGI), a pan-European organization that coordinates research on supercomputers across Europe, was called in to investigate the breaches. They released samples of malware (gotten from infected institutions) as well as some indicators of a network compromise. They had the samples reviewed by Cado Security, which is a UK-based cyber-security system.

    From reviewed samples, the diagnosis shows that the attacks on the computers were a result of compromised SSH credentials; which are suspected to be stolen from members of the university in China, Poland, and Canada. With the stolen credentials, the attackers can access the computer’s node, gain root access through the exploit of CVE-2019-15666; and also deploy the application that mines the Monero (XMR) cryptocurrency.

    The co-founder of Cado Security said that ” while there is no official evidence to confirm that all the intrusions have been carried out by the same group evidence like similar malware file names and network indicators suggests this might be the same threat actor.”

    Sadly, this intrusion has impeded the research on COVID-19 being done by the affected universities.

    Recurrent incidents

    These “incidents” are not new stories; (though this was carried out by hackers) as more like this have been reported in the past. Although in  2018, arrests were made in Russia and investigations carried out in Australia; as employees were suspected of using the system to mine cryptocurrency.

     

     

     

     

    Recent Articles

    Millions of RDP attacks on home offices

    Since the corona related move to the home office, the number of daily hacker attacks on remote desktop connections has increased more than tenfold....

    KuCion crypto confirms 150 million dollar security breach

    Cyber criminals were able to steal from the KuCion crypto and stole coins worth millions. On the evening of last Friday, KuCion crypto noticed...

    Hungarian banks were the target of a massive DDoS attack

    Several banks and the Hungarian Telekom have been the target of a cyber attack. The attacks are said to have come in several waves...

    The source code of Windows XP is leaked

    The source code of Windows XP is currently freely accessible. The media says that data first appeared on 4chan and is currently being exchanged...

    Hackers send malicious Azure Cloud apps to Microsoft

    Microsoft has banned some Azure Cloud applications from its cloud that the company identified as part of an attack infrastructure. Microsoft describes the approach...

    Related Stories

    Leave A Reply

    Please enter your comment!
    Please enter your name here

    Stay on op - Ge the daily news in your inbox