Cryptojackers hack multiple supercomputers across Europe to mine crypto

on May 18, 2020
Updated: Jun 1, 2022
  • The attackers gained access to the supercomputers by using compromised SSH credentials.
  • While the attacks were spread across Europe, Germany suffered the most intrusions.
  • Cado Security, a cybersecurity firm, believes one group was responsible for all the attacks.


An unknown group of hackers infected multiple supercomputers across Europe with crypto mining malware over the past week. A report unveiled this news on May 16, noting that the infections were confirmed in the UK, Switzerland, and Germany. There was also another suspected attack in Spain. Following these attacks, the operators of the supercomputers shut down their systems to probe the intrusions.


Per the publication, the first report of an attack came on Monday of the past week. The report was from the University of Edinburgh, which operates the ARCHER supercomputer. The institution reported a security intrusion on the ARCHER login nodes and said it had shut down the system to investigate. The organization also reset the SSH passwords to avoid further attacks.

There was also an alleged attack on a Barcelona-based supercomputer on Wednesday. On Thursday, the Leibniz Computing Center (LRZ), an institute of the Bavarian Academy of Sciences, revealed that it had suffered an attack that led it to shut down its supercomputer. The Swiss Center of Scientific Computations (CSCS) also had to shut down external access to its supercomputer following a cyber-incident.

Germany suffered most attacks


While these attacks hit several European countries, Germany suffered the most intrusions. The bwHPC, an organization that coordinates research projects across supercomputers in the state of Baden-Württemberg, Germany, revealed that it had suffered an attack on May 11. bwHPC noted that it had to shut down five of its high-performance computing clusters following security incidents.

These clusters include:

  • The Hawk supercomputer at the High-Performance Computing Center Stuttgart (HLRS) at the University of Stuttgart
  • The bwUniCluster 2.0 and ForHLR II clusters at the Karlsruhe Institute of Technology (KIT)
  • The bwForCluster JUSTUS chemistry and quantum science supercomputer at the Ulm University
  • The bwForCluster BinAC bioinformatics supercomputer at the Tübingen University

Apart from these attacks, the Germany-based Julich Research Center had to shut its systems down following an attack on Thursday. Due to the intrusion, the center’s officials shut down the JURECA, JUDAC, and JUWELS supercomputers. On Saturday, the malicious actors struck again, infecting the high-performance computing platform at the Faculty of Physics at the Ludwig-Maximilians University in Munich, Germany.

The hackers leveraged compromised SSH credentials


None of the organizations published the details of the intrusions. However, Cado Security, a US-based cybersecurity firm, believes that the hackers got access to the supercomputers by using compromised SSH credentials. The firm came to this conclusion after reviewing malware samples that the Computer Security Incident Response Team (CSIRT) for the European Grid Infrastructure (EGI) collected.

Cado Security’s co-founder, Chris Doman, noted that they did not find concrete evidence linking all the attacks to a specific group. However, he said that hints such as similar malware file names and network indicators suggested that one actor was responsible for all the attacks.

Do you think the recent BTC halving will see cryptojacking incidents surge as malicious miners strive to make profits? Share your thoughts in the comment section below.

