Numerous supercomputers based in the European Union recently faced an attack by hackers using the nodes to mine cryptocurrency. In this kind of attack, known as cryptojacking, a malicious entity infects a computer with malware that mines cryptocurrency, so that the attacker collects the mining rewards without incurring the cost of the energy needed to run mining devices.
As reported by ZDNet, the computers required a full shutdown in order to investigate the attacks. The first report came after an attack at the University of Edinburgh, which operates the ARCHER supercomputer. Other cryptojacking incidents were reported in Germany, the United Kingdom and Switzerland, along with a potential attack on a supercomputer in Spain. All attacks show similar breaches at different points across the week.
Cryptojacking For Monero
According to Chris Doman, co-founder of UK-based cyber-security firm Cado Security, the mining malware infecting the computers was developed to mine the privacy-focused cryptocurrency Monero (XMR). Doman told ZDNet that there is no explicit evidence to confirm that the attacks were made by the same group. However, similar malware file names and network indicators strongly imply that the attacks come from the same threat actor. As per the report,
“[Once] attackers gained access to a supercomputing node, they appear to have used an exploit for the CVE-2019-15666 vulnerability to gain root access and then deployed an application that mined the Monero (XMR) cryptocurrency.”
Access Through Stolen SSH Credentials
According to Cado Security, the malware samples show that the attackers seem to have gained access to the supercomputers through SSH credentials. These appear to have been stolen from members of the universities attacked. The logins using the hijacked SSH credentials came from universities in Canada, China and Poland.
While cryptojacking is not new, this stands as one of the most malicious attacks the industry has recently faced.