Many supercomputers across Europe fell victim to a widespread and seemingly coordinated cyber attack last week, in which hackers compromised the machines and illicitly installed malware built to mine Monero (XMR).
Infections were confirmed on machines in Germany, Spain and Switzerland, according to individual reports last week. All instances share a few details, such as similar network indicators and file names, as well as malware programmed specifically to mine Monero, which is now the 14th largest cryptocurrency by market cap.
Chris Doman of Cado Security told the tech publication ZDNet that, aside from the similarities mentioned above, there is no definite evidence that the attacks are the work of a single actor or group.
The University of Edinburgh, which runs the ARCHER supercomputer, was the first to report an intrusion. The team detected exploitation on its login nodes, as it reported publicly, and swiftly shut the system down to prevent further attacks. The hackers sought to breach the machines via Secure Shell (SSH), and all SSH passwords were reset as an additional security measure.
Meanwhile, reports in Germany said that five supercomputing clusters were shut down after similar “security incidences,” all of them at technology-centric universities in the country. These included the University of Stuttgart and Tuebingen, where hackers targeted supercomputers to mine XMR.
The Swiss National Supercomputing Center also said that supercomputers in the country had been targeted, confirming a breach and referring to “external access” to its infrastructure following a “cybersecurity incident.”
Based on the malware samples, the Europe Computer Security Incident Response Team (CSIRT) published its findings and noted that “XMR mining hosts” were deployed in certain instances of the attack.
“The attacker uses these hosts from the XMR mining hosts, to connect to other XMR-proxy hosts and eventually to the actual mining server,” they noted.
In one instance, the Monero mining bot was configured to operate only at night, mainly to avoid detection.
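A defender-side check for the night-only behaviour described above, as an added example that is not from the original article or the CSIRT findings: it flags processes on login nodes that are CPU-busy only at night, on more than one night. The sample format, host, user and process names, CPU threshold and night window are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

NIGHT_START, NIGHT_END = 22, 6  # assumed local night window, tune per site
BUSY_PCT = 80.0                 # assumed CPU threshold for a "busy" sample

# Constructed samples: timestamp host user command cpu_percent
SAMPLES = """\
2024-01-08T23:00 login1 u1001 updsvc 97.0
2024-01-09T03:00 login1 u1001 updsvc 99.0
2024-01-09T13:00 login1 u1001 updsvc 0.2
2024-01-09T23:00 login1 u1001 updsvc 98.0
2024-01-10T12:00 login1 u1001 updsvc 0.1
2024-01-08T23:30 login1 u2002 gcc 95.0
2024-01-09T10:00 login1 u2002 gcc 96.0
2024-01-09T23:30 login1 u2002 gcc 90.0
2024-01-09T01:00 login2 u3003 tar 92.0
2024-01-09T15:00 login2 u3003 tar 0.0
"""

def is_night(ts: datetime) -> bool:
    return ts.hour >= NIGHT_START or ts.hour < NIGHT_END

def night_only_busy(lines, min_nights=2):
    """Return sorted (host, user, command) keys that are busy on at least
    min_nights distinct nights, were sampled in daytime, and were idle then."""
    busy_nights = defaultdict(set)
    day_seen = defaultdict(int)
    day_busy = defaultdict(int)
    for line in lines:
        if not line.strip():
            continue
        stamp, host, user, command, cpu = line.split()
        ts = datetime.fromisoformat(stamp)
        key = (host, user, command)
        busy = float(cpu) >= BUSY_PCT
        if is_night(ts):
            if busy:
                # Early-morning hours belong to the night that began the evening before.
                night = ts.date() if ts.hour >= NIGHT_START else ts.date() - timedelta(days=1)
                busy_nights[key].add(night)
        else:
            day_seen[key] += 1
            day_busy[key] += busy
    return sorted(k for k, nights in busy_nights.items()
                  if len(nights) >= min_nights and day_seen[k] and not day_busy[k])

if __name__ == "__main__":
    for hit in night_only_busy(SAMPLES.splitlines()):
        print("night-only CPU load:", hit)
```

Legitimate scheduled jobs such as nightly backups match the same pattern, so hits are leads for review against an allow-list rather than verdicts.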