Several supercomputers in European nations have been shut down following reports that they’ve been infected with cryptocurrency mining malware. Thus far, devices in countries such as the United Kingdom, Switzerland and Germany have all been affected and taken offline at the time of writing.
Mining Malware Shuts Down Supercomputers
There is now an ongoing investigation into where the malware came from and which parties are potentially responsible for uploading it onto the computers. The malware was first discovered by the University of Edinburgh in Scotland. The institution issued a report saying that the harmful software had allegedly been downloaded onto the school’s ARCHER supercomputer, and that all passwords were being reset while an internal investigation took place.
An organization in Germany called bwHPC – which coordinates research projects across computers – says it also discovered similar malware on several of its supercomputers and networks.
As scary as it all sounds, however, once you strip away the words “supercomputer” and “nations,” this is simply a case of plain old cryptojacking. The process occurs when a hacker (or hackers) gains access to a person’s digital device or computer without their knowledge or permission. From there, they begin to mine cryptocurrencies for a profit.
Typically, the cryptocurrency that’s the object of the hacker’s affections, so to speak, is Monero, which is often popular amongst black hat wearers for its quasi-anonymous properties. The person is then able to make money from their little operation while the original owner of the device earns nothing, unless you count the large and expensive energy bills that they likely receive in their mailboxes each month.
In any case, supercomputers are known for holding massive amounts of data in their systems, much of which is private or confidential in some way. Aside from the countries mentioned above, there is also a widespread rumor that a supercomputer in Barcelona, Spain was hacked and infected with the same malware, though that rumor has not yet been confirmed.
As it stands, the computer in Spain has merely reported a “security issue” and has been subsequently shut down, though few details have been given at press time.
None of the owners or operators of the affected supercomputers have published detailed reports regarding their findings. However, the malware samples gathered from each of the affected devices show traces of similarity.
Too Many Similarities
The Computer Security Incident Response Team (CSIRT) notes that each of the samples contains similar code and credentials, which suggests that perhaps the same hackers are involved with each device.
Thus far, many of the released credentials appear to belong to professors or other staff members who have direct access to the supercomputers. These credentials stem from several different universities, including those in China, Poland, and Canada.