
Successive cyber attacks shut down European supercomputers working on Covid-19 research

Written by Mon 18 May 2020

Data centres in UK, Spain, Germany and Switzerland confirm intrusions

European high-performance supercomputers were subject to a string of related cyber attacks last week that forced academic institutions to temporarily take systems offline.

A large number of the academic institutions impacted were using their supercomputers to run Covid-19 research workloads.

According to the European Grid Infrastructure (EGI) security team, two distinct attacks were operating against academic data centres across Europe.

EGI, which coordinates European supercomputing research, said mining malware was found on affected servers, suggesting the hackers were attempting to steal system power to mine cryptocurrency for financial gain, rather than to steal sensitive data or intellectual property.

At this stage we don’t know details of every supercomputing system affected by the campaign. But according to UK security firm Cado Security, the malware was uploaded to servers in Germany, the United Kingdom, Spain and Switzerland – and the researchers also identified possible victims in the United States and China.

Nonetheless, a series of supercomputing institutions in Europe reported similar security incidents over the last week, giving us a flavour of the scale of the attacks.

On Monday, the University of Edinburgh in Scotland reported that the ARCHER supercomputer, one of the nation’s most powerful machines, was impacted by a security incident.

The supercomputer has been taken offline so all passwords and server access keys can be rewritten. The National Cyber Security Centre and HPE/Cray, the manufacturers who helped build ARCHER, are working with the University to get the system securely back online.

A University of Edinburgh spokesperson told DCD that no research, client or personal data was seized during the attack.

In Germany, supercomputing research organisation bwHPC announced that five of its high-performance computing clusters were shut down to deal with security incidents, including the Hawk supercomputer at the University of Stuttgart and systems at the Karlsruhe Institute of Technology, Ulm University and Tübingen University.

Other German institutions impacted include the Leibniz Computing Center (LRZ), the Julich Research Center, which shut down its JURECA, JUDAC and JUWELS supercomputers, and the University of Dresden, which has taken the Taurus supercomputer offline.

Security researcher Felix von Leitner also claimed a supercomputer in Barcelona was attacked and that it was shut down in response. Meanwhile in Switzerland, the Swiss Center of Scientific Computations (CSCS) in Zurich has also shut down its systems while it investigates a security incident.

It is unclear at this stage if one or more threat actors are responsible for the incidents, but we do know the victims were targeted via compromised server logins belonging to universities in Canada, China and Poland.
