Several supercomputers which were being used for mining of the cryptocurrency were comprised by a string of malware attack. The various supercomputers were remotely working across Europe and required immediate shut down after it was found that they were being used for cryptojacking.
One of the individual working within shared the crucial information and credentials of stolen SSH with the hackers. The hacker after obtaining the remote access to operate the machines did it all. The co-founder of Cado Security, Chris Doman said that the malware was designed to use the supercomputers’ processing power to mine monero (XMR). In a reported it is speculated that multiple numbers of compromised supercomputer were being used to prioritize research for a coronavirus vaccine. However, no certainty has been given by the authorization on the details surrounding the hacks and the computer’s purpose.
The reports which came from Germany, the U.K. and Switzerland is believed to have that potential highjack occurred at a high-performance computer located in Spain. The first incident according to the reports took place on May 11th at the University of Edinburgh that operates the ARCHER supercomputer. The university announced in a public updates that, “Due to a security exploitation has been taken to disable access to ARCHER while further investigations take place.”
In order to reset its system and passwords along with the security purges, the ARCHER supercomputers are down and dysfunctional. The university in a statement said, ”The ARCHERS and Cray/HPE System Teams continue to work on ARCHER and getting it ready to return to service. We anticipate that ARCHER will be returned to service later this week.”
An analysis published by a German Scientist Robert Helling revealed that the malware was infecting a high-performance computing cluster at the Faculty of Physics at the Ludwig-Maximillian University in Munich, Germany.
In a blog post written by the researcher Felix von, he revealed that another supercomputer located in Barcelona, Spain was also impacted on 13th May and had a security, therefore, it eventually shut down.