European countries' supercomputers hacked, series of attacks for Monero mining

European countries including the UK, Germany, Switzerland, and Spain have experienced hacking incidents this week. Attackers reportedly used leaked SSH (Secure Shell, a cryptographic network protocol) credentials to compromise supercomputers and mine the Monero (XMR) cryptocurrency on them. To prevent further attacks, most of the affected supercomputers have been temporarily shut down or disconnected from external networks.

Supercomputer Attacks on the Rise

According to a report from ZDNet on May 16th, the University of Edinburgh in the UK was the first to announce that its ARCHER supercomputer was under attack. The Edinburgh Parallel Computing Centre and hardware vendor HP/Cray immediately launched an investigation, and on May 13th ARCHER asked users to reset all ARCHER and SSH passwords to prevent further intrusion.

Shortly afterwards, bwHPC, the research organization that coordinates supercomputing in the Baden-Württemberg region of Germany, announced that it was also under attack. As a result, the five major universities in the area that form a supercomputer cluster had to disconnect from external networks.

Subsequently, supercomputers in Barcelona, Spain, the Leibniz Computing Center (LRZ) in Bavaria, Germany, the Jülich Research Center in Jülich, Germany, the Technical University of Dresden, and the Swiss National Supercomputing Centre (CSCS) all reported detecting attacks related to the aforementioned incidents, taking similar measures to sever external connections.

Elaborate Attacks for Monero Mining

After a preliminary investigation into the series of incidents, the Computer Security Incident Response Team (CSIRT) at the European Grid Infrastructure (EGI) found that the attackers had stolen SSH credentials from sources such as universities in Poland and Canada, Shanghai Jiao Tong University in China, and the China Science & Technology Network (CSTNet), and used them to gain access to supercomputer clusters. They then used this access to launch attacks on other institutions and to mine Monero (XMR) on the compromised supercomputers.
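A defender can look for this pattern of reused credentials in SSH authentication logs. The following is an added example, not part of the original report: it assumes the standard OpenSSH syslog "Accepted ..." line format, groups IPv4 sources by /24 (an assumed policy), and runs on constructed log lines with made-up accounts and documentation address ranges.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sshd log lines: documentation address ranges, made-up accounts.
SAMPLE_LOG = """\
May 10 09:12:01 login1 sshd[2101]: Accepted publickey for alice from 192.0.2.15 port 50122 ssh2
May 11 09:30:44 login1 sshd[2188]: Accepted publickey for alice from 192.0.2.77 port 50310 ssh2
May 11 10:02:13 login1 sshd[2230]: Accepted password for bob from 198.51.100.9 port 41100 ssh2
May 12 03:14:52 login1 sshd[2502]: Failed password for bob from 203.0.113.50 port 39002 ssh2
May 12 03:17:09 login1 sshd[2511]: Accepted publickey for alice from 203.0.113.50 port 39144 ssh2
May 12 03:19:40 login1 sshd[2519]: Accepted publickey for carol from 203.0.113.50 port 39150 ssh2
May 12 08:55:00 login1 sshd[2610]: Accepted password for bob from 198.51.100.23 port 41877 ssh2
"""

ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) "
                      r"from (?P<ip>\S+) port \d+")

def accepted_logins(log_text):
    """Yield (user, address object, auth method) for each successful sshd login."""
    for line in log_text.splitlines():
        m = ACCEPTED.search(line)
        if not m:
            continue  # failed attempts and unrelated lines are ignored here
        try:
            addr = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # hostname or malformed address: skip rather than crash
        yield m["user"], addr, m["method"]

def new_network_logins(log_text, v4_prefix=24, v6_prefix=48):
    """Flag logins from a network the account has never used before.
    An account's first login only sets its baseline (assumed policy)."""
    seen, alerts = defaultdict(set), []
    for user, addr, method in accepted_logins(log_text):
        prefix = v4_prefix if addr.version == 4 else v6_prefix
        net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
        if seen[user] and net not in seen[user]:
            alerts.append((user, str(addr), method))
        seen[user].add(net)
    return alerts

def shared_sources(log_text, min_users=2):
    """Map source IP -> accounts, for sources that logged in as several accounts."""
    users = defaultdict(set)
    for user, addr, _ in accepted_logins(log_text):
        users[str(addr)].add(user)
    return {ip: sorted(u) for ip, u in users.items() if len(u) >= min_users}

if __name__ == "__main__":
    print(new_network_logins(SAMPLE_LOG))
    print(shared_sources(SAMPLE_LOG))
```

Public-key logins are included on purpose: a stolen private key authenticates cleanly, so the source network is the only anomaly visible in the log.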

Another cybersecurity company, Cado Security, stated that the samples from the two incidents were named Loader and Cleaner, with the former executing the attackers' commands and the latter able to remove log files to erase evidence of the attacks. Chris Doman, co-founder of Cado Security, mentioned:

"The attackers gained access to the supercomputers, seemingly through a vulnerability like CVE-2019-15666, and deployed mining applications for Monero (XMR)."

The Preferred Choice for Malicious Mining

Malicious mining software remains a prevalent method of cyber attack. There have been reported incidents in which hackers used steganography to embed mining software in images, hijacking users' computational resources once the images were downloaded; these involved prominent figures such as the late Kobe Bryant and American singer Taylor Swift. Among cryptocurrencies, Monero (XMR) is a popular choice for hackers who implant malicious mining software on other people's computers. Although it is not the most valuable cryptocurrency, Monero's blockchain uses the ASIC-resistant consensus algorithm RandomX, which gives hackers sufficient economic incentive to exploit regular users' computers.

Furthermore, Monero's anonymous and untraceable nature makes it difficult for exchanges or cybercrime investigation units to trace the flow of funds, allowing attackers to safely transfer tokens to exchanges and cash out without detection. With such a significant attack event, regulatory authorities worldwide may intensify scrutiny on Monero or other privacy coins, a concern for current investors.
