Reportedly, several big European firms who posses’ supercomputers are now the primary target for cryptojackers. These computers are infected with crypto mining malware and are now shut down to examine the invasion.
Cryptojackers modus operandi
These attacks, according to a cybersecurity researcher, Chris Doman, have been carried out by the same hacker or group because of similar malware codes with cases reported in Switzerland, England, and Germany. Reportedly, a high-performance computing center in Spain has also been attacked.
The attack began in England on May 11, when the security of supercomputer ARCHER from the University of Edinburgh was breached. It leads to the shutting down of one of the most powerful computers in the country as all its passwords and SSH keys had to be rewritten.
Days after, it became evident that the attack was already becoming an issue in the academic community. An organization that conducts research projects into supercomputers in Germany also announced on Monday that its high-performance computing clusters had to be shut down due to similar “security incidents.”
None out of all the organizations hit by the firm published any detail about the intrusion. The Computer Security Incident Response Team (CSIRT) for the European Grid Infrastructure (EGI), an organization that coordinates research on supercomputers in Europe, released malware samples and network compromise indicators from some of these incidents.
Cryptojackers mine Monero with a compromised supercomputer
A US-based firm cybersecurity firm reviewed the samples, and it was concluded the hackers were able to get access to the supercomputers through compromised SSH credentials. The accesses were stolen from university members given access to the supercomputers to run computing jobs.
Reportedly, one of the supercomputers node compromised was used to mine Monero as it is not the first time crypto-mining malware has been installed on a supercomputer. Previously, however, an employee used to install the software unlike now when the cryptojackers did themselves.