European University supercomputers take a hit – cryptocurrency mining malware suspected

European University supercomputers take a hit – cryptocurrency mining malware suspected

Major educational facilities are among those whose supercomputers have been infected – in the UK, Switzerland, Germany & one probably in Spain – according to today’s reports.

Some supercomputers across Europe have had to be shut down following the infection with cryptocurrency mining malware.

Attacks have been confirmed in the UK, Germany, and Switzerland, according to ZDNet, with a  suspected penetration at a Spanish high-performance computing centre.


Jake Moore, a Cyber-security Specialist at ESET said that supercomputers are lucrative targets for malicious players due to the ”sheer amount of money” they can create via mining.

PCs simply cannot mine digital currencies at anywhere near the rate at which supercomputers can.

Moore observed “What’s interesting about this is that it seems hackers have targeted the supercomputers completely remotely for the first time, as before there has always been an insider who installs the crypto mining malware used for the attack.”


Also, he added that all the SSH login credentials will now need resetting, which may take a while, but that this is vital to stop further attacks.

“Once a list of credentials is compromised, it is a race against time to have these reset, ” Moore cautioned.

“Unfortunately, the lead time is usually enough of a head start for threat actors to take advantage of the mining software.”

The initial attack was reported on May 11 on the ARCHER supercomputer at the University of Edinburgh.

The university revealed there had been a “security exploitation on the ARCHER login nodes”.


It shut down the ARCHER system to investigate matters & reset SSH passwords to stop any more intrusions.

The research organisation that co-ordinates across supercomputers in Baden-Württemberg, Germany, the bwHPC, said 5 of its high-performance computing clusters were shut down through similar security incidents.

They included the Hawk supercomputer at the University of Stuttgart’s High-Performance Computing Center Stuttgart (HLRS), bwUniCluster 2.0 and ForHLR II clusters at the Karlsruhe Institute of Technology (KIT).


Also hit were the bwForCluster JUSTUS chemistry & quantum science supercomputer at the Ulm University, & the bwForCluster BinAC bioinformatics supercomputer at the Tübingen University, both in Germany.

Additional incidents were reported at a supercomputer in Barcelona, the Leibniz Computing Center (LRZ), & the high-performance computing cluster at the Faculty of Physics at the Ludwig-Maximilians University in Munich, Germany.

A reported cyber incident also preceded a shut-down at the Swiss Center of Scientific Computations (CSCS) in Zurich, Switzerland.

A troubling recent development.