Several supercomputers used in research institutes across Europe have been infected with cryptocurrency mining malware by threat actors since January 2020. The malware attacks have been reported in the U.K., Germany, and Switzerland at their respective high-performance computing centers and laboratories. The supercomputers are temporarily shut down to investigate the incident.
The incident came into light after the University of Edinburgh, which runs the ARCHER supercomputer, reported the security exploitation on the ARCHER login nodes. “Due to a security exploitation on the ARCHER login nodes, the decision has been taken to disable access to ARCHER while further investigations take place,” the authorities said in a statement. It is said that attackers infected the login portal of the supercomputers, however the machinery that runs the computations were not impacted in the incident.
Similarly, bwHPC, the organization that coordinates research projects across supercomputers in Germany, reported that five of its high-performance computing clusters were taken down due to security incidents.
“Due to an IT security incident the state-wide High Performance Computer (HPC) systems- bwUniCluster 2.0, ForHLR II, bwForCluster JUSTUS, bwForCluster BinAC, and Hawk are currently not available. Our experts are already working on an assessment of the problem,” bwHPC said.
In Switzerland, the Swiss Center of Scientific Computations (CSCS) confirmed that its supercomputer facilities had been attacked and that it had temporarily closed access.
“CSCS detected malicious activity in relation to these attacks. Due to this situation, the external access to the center has been closed until having restored a safe environment. The users were informed immediately and are kept up to date. Not affected are the weather forecasts of MeteoSwiss, which are also calculated at CSCS,” the authorities said.
More security incidents surfaced reporting similar kinds of attacks. A similar intrusion was reported at a high-performance computing center located in Spain. Security researcher Felix von Leitner claimed that a supercomputer stored in Barcelona was affected by a security issue and had been shut down.
It is unclear if the attacks were linked to a particular hacking crew. The authorities did not provide any further information on the security incidents.