These safety breach incidents were initially reported in the UK, Switzerland and Germany. Furthermore, another hacking incident took place at Spain’s high-performance computing center.
Most of the hacking incident seems to have aimed at universities. On Monday, University of Edinburgh, which administers the ARCHER supercomputer, revealed the first hacking incident.
Afterwards, top universities having systems with large processing power such as the computing groups in the Baden-Württemberg, Germany also reported hacking attempts and were eventually shutdown.
Later that week, additional hacking incidents took place in Spain, Germany and Switzerland institutions. Prominent institutions affected are groups in the Leibniz Computing Center (LRZ), an organization managed by the Bavarian Academy of Sciences, Julich town based Julich Research Center (Germany), faculty of Physics at the Munich (Germany) based Ludwig-Maximilians University, and Zurich (Switzerland) based Swiss Center of Scientific Computations (CSCS).
The malware patterns published by the Computer Security Incident Response Team (CSIRT) were scrutinized by a cyber-security firm headquartered in the US. CSIRT covers entire Europe, harmonizing study on supercomputers throughout the continent.
The cyber-security firm opined that hackers seem to have purloined the SSH (Secure Shell) certifications of university students in China, Canada and Poland with a motive of accessing the supercomputer bundles. SSH is fundamentally a cryptographic network covenant for running network services in a safe manner on top of an unsecured network.
Chris Doman, Co-Founder of Cado Security detailed further as follows:
“Once attackers gained access to a supercomputing node, they appear to have used an exploit for the CVE-2019-15666 vulnerability to gain root access and then deployed an application that mined the Monero (XMR) cryptocurrency.”
Notably, university campuses have taken the second position in the list of top miners of digital currency in the cryptocurrency sector.