EU Supercomputers Hijacked From COVID-19 Research to Mine Cryptocurrency

A number of supercomputers programmed to search for a vaccine for the coronavirus were remotely hijacked last week using stolen credentials.

May 19, 2020, 8:00 AM
Updated Aug 19, 2021, 2:07 AM

European supercomputers programmed to search for a vaccine for COVID-19 were remotely hijacked last week for the purpose of mining cryptocurrency.

According to a report by ZDNet, multiple supercomputers across the European Union were compromised in a string of malware attacks and had to be shut down after it was discovered they were being used for unauthorized crypto mining, also known as cryptojacking. The hackers had gained entry via stolen SSH (remote access) credentials from individuals authorized to operate the machines.

Security researcher Chris Doman, co-founder of Cado Security, told ZDNet the malware was designed to use the supercomputers' processing power to mine monero (XMR). It is also believed a number of the compromised supercomputers were being used to prioritize research for a coronavirus vaccine, although details surrounding the hacks and the computers' purpose appear to have been left deliberately vague.

Security incident reports came from Germany, the U.K. and Switzerland, with a potential hijack also said to have occurred at a high-performance computer located in Spain.

The first reported incident took place on May 11 at the University of Edinburgh, which operates the ARCHER supercomputer. "Due to a security exploitation on the ARCHER login nodes, the decision has been taken to disable access to ARCHER while further investigations take place," the university announced in a public update.

To date, the ARCHER supercomputer is still down pending further security purges, as well as a reset of its system and passwords. "The ARCHER and Cray/HPE System Teams continue to work on ARCHER and getting it ready to return to service. We anticipate that ARCHER will be returned to service later this week," the university said.

Spate of breaches

Germany-based bwHPC, an organization that coordinates research projects across supercomputers in the state of Baden-Württemberg, declared five of its high-performance computing clusters had to be shut down due to similar "security incidents."

A supercomputer located in Barcelona, Spain, was also impacted on May 13, with researcher Felix von Leitner declaring in a blog post the computer had a security issue and had to be shut down.

On May 14, further incidents began cropping up, the first at the Leibniz Computing Center (LRZ), an institute of the Bavarian Academy of Sciences. The Academy said it had disconnected a computing cluster from the internet after its security was breached.

On Saturday, German scientist Robert Helling published an analysis of the malware that was infecting a high-performance computing cluster at the Faculty of Physics at the Ludwig-Maximilian University in Munich, Germany.

And in Switzerland, the Swiss Center of Scientific Computations (CSCS) in Zurich also shut down external access to its supercomputer infrastructure following a "cyber-incident" on Saturday.

Similar incidents have occurred in the past. Earlier this year a group of hackers known as "Outlaw" began infiltrating Linux-based enterprise systems in the U.S. in order to hijack personal computing power and mine XMR.
