EU Supercomputers Hijacked From COVID-19 Research to Mine Cryptocurrency

A number of supercomputers programmed to search for a vaccine for the coronavirus were remotely hijacked last week using stolen credentials.

May 19, 2020 at 8:00 a.m. UTC
Updated Sep 14, 2021 at 8:43 a.m. UTC

European supercomputers programmed to search for a vaccine for COVID-19 were remotely hijacked last week for the purpose of mining cryptocurrency.

According to a report by ZDNet, multiple supercomputers across the European Union were compromised by a string of malware attacks that required a shutdown after it was discovered they were being used for crypto mining – also known as cryptojacking. The hackers had gained entry via stolen SSH (remote access) credentials from individuals authorized to operate the machines.

Security researcher Chris Doman, co-founder of Cado Security, told ZDNet the malware was designed to use the supercomputers' processing power to mine monero (XMR). It is also believed a number of the compromised supercomputers were being used to prioritize research for a coronavirus vaccine, although details surrounding the hacks and the computers' purpose appear to have been left deliberately vague.

Security incident reports came from Germany, the U.K. and Switzerland, with a potential hijack also said to have occurred at a high-performance computer located in Spain.

The first reported incident took place on May 11 at the University of Edinburgh, which operates the ARCHER supercomputer. "Due to a security exploitation on the ARCHER login nodes, the decision has been taken to disable access to ARCHER while further investigations take place," the university announced in a public update.

To date, the ARCHER supercomputer is still down pending further security purges, as well as a reset of its system and passwords. "The ARCHER and Cray/HPE System Teams continue to work on ARCHER and getting it ready to return to service. We anticipate that ARCHER will be returned to service later this week," the university said.

Spate of breaches

Germany-based bwHPC, an organization that coordinates research projects across supercomputers in the state of Baden-Württemberg, declared five of its high-performance computing clusters had to be shut down due to similar "security incidents."

A supercomputer located in Barcelona, Spain, was also impacted on May 13, with researcher Felix von Leitner declaring in a blog post the computer had a security issue and had to be shut down.

On May 14, further incidents began cropping up, with the first one coming from the Leibniz Computing Center (LRZ), an institute with the Bavarian Academy of Sciences. The Academy said it had disconnected a computing cluster from the internet after its security was breached.

On Saturday, German scientist Robert Helling published an analysis of the malware that was infecting a high-performance computing cluster at the Faculty of Physics at the Ludwig-Maximilians University in Munich, Germany.

And in Switzerland, the Swiss Center of Scientific Computations (CSCS) in Zurich also shut down external access to its supercomputer infrastructure following a "cyber-incident" on Saturday.

Similar incidents have occurred in the past. Earlier this year a group of hackers known as "Outlaw" began infiltrating Linux-based enterprise systems in the U.S. in order to hijack personal computing power and mine XMR.

Disclosure

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.
