European COVID-19 research supercomputers were hacked and infected with crypto-mining malware by an anonymous cyber-crime gang over the past week. More than ten supercomputers in Germany, the United Kingdom, Spain, and Switzerland were attacked by a group of hackers to illegally mine cryptocurrencies.
Moreover, following the crypto-jacking of COVID-19 research supercomputers, some of them have had to be shut down to curb the damage. Among the supercomputers shut down is the University of Edinburgh’s “Archer” supercomputer. Archer was performing COVID-19 research analysis before being taken offline.
According to reports, the hacking group stole login credentials for the COVID-19 research supercomputers to gain access. The unknown group stole the credentials from compromised networks of universities in Poland and the People’s Republic of China.
Cybersecurity firm Cado Security noted that it is normal practice for users at high-performance computing facilities to hold credentials for other institutions. This makes it easy for hackers to harvest their login credentials.
Monero mining software installed on COVID-19 research supercomputers
In two of the incidents, the attackers connected to the supercomputers through a compromised SSH account. They then took advantage of a weakness in the Linux kernel to get access and afterward installed Monero mining software. Interestingly, the crypto-jacking malware was set to operate only at night, to avoid detection.
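The night-only schedule is itself something a defender can look for. The following is an added example, not from the original article: it flags nodes whose CPU load outside scheduled jobs is high at night and near idle by day on several separate days. The host names, sample readings, thresholds and the 22:00 to 06:00 window are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Assumed "night" window in local time: 22:00 to 05:59.
NIGHT_HOURS = set(range(0, 6)) | {22, 23}

def night_only_hosts(samples, busy=70.0, idle=15.0, min_days=3):
    """samples: iterable of (host, ISO timestamp, cpu_percent), where cpu_percent
    is CPU use NOT attributed to scheduler jobs (assumption: the site can
    separate the two). Returns {host: days_matched} for hosts that were busy
    at night and idle by day on at least min_days calendar days."""
    # host -> calendar date -> (night readings, day readings)
    buckets = defaultdict(lambda: defaultdict(lambda: ([], [])))
    for host, ts, cpu in samples:
        t = datetime.fromisoformat(ts)
        night, day = buckets[host][t.date()]
        (night if t.hour in NIGHT_HOURS else day).append(cpu)

    flagged = {}
    for host, days in buckets.items():
        hits = 0
        for night, day in days.values():
            if not night or not day:
                continue  # need both parts of the day to compare
            night_avg = sum(night) / len(night)
            day_avg = sum(day) / len(day)
            if night_avg >= busy and day_avg <= idle:
                hits += 1
        if hits >= min_days:  # one odd night is not a pattern
            flagged[host] = hits
    return flagged

def constructed_samples(days=4):
    """Constructed hourly readings for three hypothetical nodes."""
    rows = []
    for d in range(1, days + 1):
        for h in range(24):
            ts = f"2024-01-{d:02d}T{h:02d}:00:00"
            night = h in NIGHT_HOURS
            rows.append(("node-a", ts, 95.0 if night else 3.0))  # night-only load
            rows.append(("node-b", ts, 90.0))                    # busy around the clock
            rows.append(("node-c", ts, 96.0 if night and d == 2 else 2.0))  # one-off night
    return rows

if __name__ == "__main__":
    print(night_only_hosts(constructed_samples()))
```

Requiring the pattern on several days keeps a single overnight maintenance task from raising an alert, and comparing night against day keeps continuously busy nodes out of the result.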
The majority of targets were COVID-19 research supercomputers that were being used to conduct research into the coronavirus pandemic. According to a publication by the Swiss Center of Scientific Computations in Zurich, the illegal crypto-mining activity led to external access to the center being taken offline to fix security issues.
The attackers are believed to have installed the crypto-jacking malware to make some cash. Regardless, the attack is expected to cause a major disruption to the ongoing coronavirus pandemic research because of the intrusion and the resulting downtime.
This incident is yet another example that hackers are not satisfied with making money merely from data hacks, where they later sell the compromised information online. Instead, they follow whatever is current and take advantage of weaknesses, whether a user’s emotions or a hole in a machine or its software, to fill their pockets as much as they can.