Hackers raised the bar for cryptojacking across Europe by infecting supercomputers with malware to mine Monero (XMR) via compromised SSH credentials belonging to top organizations, notably in Germany, the United Kingdom, Spain, and Switzerland.
Chris Doman, co-founder of the UK-based cybersecurity firm CADO, reported that Germany appears to be the hardest hit, as high-performance computing centres across the country reported breaches.
The University of Edinburgh was the first to report the cybersecurity breach, on the login nodes of its ARCHER supercomputer, on Monday, 11 May 2020. It stated that the ARCHER system was shut down as soon as the hack was detected, both to carry out a full investigation and to block further breaches by resetting its SSH passwords.
Leibniz Computer Center (LZR), an institute of the Bavarian Academy of Sciences based in Germany, announced the attack on its supercomputers on Thursday and shut the supercomputers down to avert further breaches. Julich Research Center also reported an attack on its supercomputers on Thursday, according to its officials. This led to the shutdown of the JUWELS, JURECA, and JUDAC supercomputers. The shutdowns did not stop a further attack on Saturday, which infected the supercomputer facility at the Faculty of Physics, Ludwig-Maximilian’s University, Munich.
Other supercomputers attacked in Germany, all belonging to notable organizations, are the bwForCluster JUSTUS Chemistry and Quantum Science cluster at Ulm University, the Hawk supercomputer at the University of Stuttgart’s High-Performance Computing Center Stuttgart (HLRS), the ForHLR II and bwUniCluster II clusters at the Karlsruhe Institute of Technology (KIT), and the bwForCluster BinAC bioinformatics cluster at Tübingen University.
Further reports indicate that the Swiss Center of Scientific Computations also shut down external access to its supercomputer because of the cybersecurity breach on its high-performance supercomputers.
The firm stated that it reviewed malware samples gathered by the Computer Security Incident Response Team (CSIRT) on behalf of the European Grid Infrastructure (EGI). Doman, however, insisted that they found no solid evidence linking these recent attacks to any group, but noted that a familiar malware may be responsible for them.
According to Chris Doman, these widespread cryptojacking attacks across Europe were made possible by hackers leveraging compromised SSH credentials, which gave them access to these high-performance supercomputers, although no details of the intrusions have been published.