Stories
Slash Boxes
Comments

SoylentNews is people

Crypto-Mining Campaign Hits European Supercomputers

posted by cmn32480 on Monday May 18 2020, @08:35PM   Printer-friendly
from the take-the-money-and-run dept.

martyb writes:

Crypto-Mining Campaign Hits European Supercomputers:

Several supercomputers across Europe were taken offline last week after being targeted in what appears to be a crypto-mining campaign.

In a notice on Saturday, the Swiss National Supercomputing Centre (CSCS) revealed that it too has been hit, along with other “HPC [High Performance Computing] and academic data centres of Europe and around the world.”

CSCS said it detected malicious activity related to these attacks and it has decided to suspend external access until the issue is addressed.

[...] While CSCS’ notice says that the background of the attack is currently unclear, the European Grid Infrastructure (EGI) security team issued an alert claiming that the purpose of the attack is cryptocurrency mining.

EGI mentions two security incidents “that may or may not be correlated,” which impact academic data centers, revealing that compromised SSH credentials are being used by the attackers to jump from a victim to another.

As part of the assaults, compromised hosts are being used as Monero (XMR) mining hosts, as XMR-proxy and SOCKS-proxy hosts, and as tunnel hosts (for SSH tunneling), EGI’s team explains.

[...] The attacks targeted multiple victims in Germany, including the Jülich Supercomputing Centre (JSC)-maintained JURECA, JUDAC, and JUWELS, the HPC systems at Leibniz Supercomputing Centre (LRZ), the Taurus supercomputer at the Technical University in Dresden, and five HPC clusters coordinated by bwHPC, among others.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Crypto-Mining Campaign Hits European Supercomputers | Log In/Create an Account | Top | 9 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 3, Insightful) by maxwell demon on Wednesday May 20 2020, @05:16AM

    by maxwell demon (1608) on Wednesday May 20 2020, @05:16AM (#996754) Journal

    In my mind, the computers you submit from onto the queue are part of the supercomputer. After all, you cannot submit just from anywhere on the internet (now that would be irresponsible), you can do so only from dedicated computers. And you definitely need an account on those computers in order to submit jobs. Also note that when you submit a job to the actual computing nodes, what you have is literally arbitrary code execution (that's the whole point of it), and therefore any exploit you can do from a shell you also can do from a submitted job.

    Of course you won't get administrative access, but at least where I worked, you wouldn't get that for the computer on your desk either.

    --
    The Tao of math: The numbers you can count are not the real numbers.
    Starting Score:    1  point
    Moderation   +1  
       Insightful=1, Total=1
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   3