Supercomputers across Europe taken down by crypto-mining malware

Widespread attack has forced the University of Edinburgh's ARCHER machine offline

The ARCHER supercomputer that belongs to the Edinburgh Parallel Computing Centre (EPCC) based at the University of Edinburgh had been infected by cryptocurrency mining malware, forcing the machine offline.

The attack happened on 11 May and affected “a small number of user accounts”, which forced the EPCC to disable access to the supercomputer in order “to allow further work to confirm the extent of the issue”. 

According to the most recent statement by the University of Edinburgh, the institute is cooperating with the National Cyber Security Centre (NCSC) in order to investigate the issue and has taken additional steps to ensure the future security of their supercomputer. 

“All of the existing ARCHER passwords and SSH keys will be rewritten and will no longer be valid on ARCHER,” the institute said. “When ARCHER returns to service all users will be required to use two credentials to access the service: an SSH key with a passphrase and their ARCHER password. It is imperative that you do not reuse a previously used password or SSH key with a passphrase.”

Additional updates regarding ARCHER are to be provided today. Neither the EPCC nor the University of Edinburgh had responded to IT Pro’s request comment at the time of publication.

ARCHER has been part of EPCC since 2013, providing researchers with the ability to run simulations and calculations requiring ‘large numbers of processing cores working in a tightly-coupled and parallel fashion’.

Days after the incident took place, it was revealed that multiple other supercomputers around Europe had been hacked in order to mine cryptocurrency.

The bwHPC, a German organisation responsible for coordinating research projects, also reported an “IT security incident" affecting five of its supercomputers based in universities of Stuttgart, Ulm, Karlsruhe, and Tübingen.

Related Resource

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now

On 13 May, security researcher Felix von Leitner reported on his blog that a supercomputer in Barcelona, Spain, had also been shut down because of cryptocurrency mining malware, and on 14 May, the Leibniz Computing Center (LRZ), Julich Research Center, and the Technical University in Dresden were also forced to shut down their supercomputers.

Over the weekend, The Swiss Center of Scientific Computations (CSCS) in Zurich, Switzerland also reported a "cyber-incident" which caused external access to its supercomputer infrastructure to be closed down. Also on Saturday, German scientist Robert Helling reported the infection of an HPC cluster belonging to the Ludwig-Maximilians University in Munich, Germany. He also analysed the malware on his blog.

It is not known whether the incident has affected any of the universities’ research into the coronavirus pandemic.

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Evaluate your order-to-cash process

15 recommended metrics to benchmark your O2C operations

Download now

AI 360: Hold, fold, or double down?

How AI can benefit your business

Download now

Getting started with Azure Red Hat OpenShift

A developer’s guide to improving application building and deployment capabilities

Download now

Recommended

Android malware vendor teams with marketer to promote new malware
malware

Android malware vendor teams with marketer to promote new malware

11 Jan 2021
Python-based malware steals Outlook files and browser credentials
malware

Python-based malware steals Outlook files and browser credentials

15 Dec 2020
Subway UK customers targeted by Trickbot hackers
hacking

Subway UK customers targeted by Trickbot hackers

14 Dec 2020
Power banks could infect your smartphone with malware
malware

Power banks could infect your smartphone with malware

9 Dec 2020

Most Popular

Citrix buys Slack competitor Wrike in record $2.25bn deal
collaboration

Citrix buys Slack competitor Wrike in record $2.25bn deal

19 Jan 2021
How to recover deleted emails in Gmail
email delivery

How to recover deleted emails in Gmail

6 Jan 2021
SolarWinds hackers hit Malwarebytes through Microsoft exploit
hacking

SolarWinds hackers hit Malwarebytes through Microsoft exploit

20 Jan 2021