European Supercomputers Researching Covid-19 Report Hacking Attacks
Following this week's report from the FBI, laboratories in Switzerland, Germany, and the U.K. confirmed that their supercomputers, which are used for Covid-19 research and other tasks, were hacked.
The affected labs said that only the login portal to the supercomputers was affected, not the servers that run the computations. That could mean that an attacker was seeking to breach the system in order to steal research or to disrupt the progress of researchers.
In Switzerland, the Swiss National Supercomputing Centre confirmed that it and other European high-performance computer facilities had been attacked and that it had temporarily closed access pending an investigation. “A cyber-attack has been conducted against several European [high performance computing] and academic computer sites,” the center said. “Our system engineers are actively working in order to bring back the systems as soon as possible.”
The Swiss Federal Institute of Technology was recently awarded use of the supercomputers at the Swiss National Supercomputing Centre to study the small membrane protein of the coronavirus.
On Monday, the U.K. National Supercomputing Service, named ARCHER, announced a security exploitation on the ARCHER login nodes and a decision to disable access to ARCHER while further investigations take place.
The system is being used to simulate the spread of the coronavirus pandemic at the Imperial College’s Centre for Global Infectious Disease Analysis.
ARCHER later said it started working with the National Cyber Security Centre (NCSC) and Cray/HPE in order to better understand the position and plan effective remedies. On Friday, ARCHER said that all of the existing ARCHER passwords and SSH keys would be rewritten and would no longer be valid on ARCHER. ARCHER will provide more information on Monday.
In Germany, the supercomputing center in Baden-Württemberg also said it was affected by a security incident and that state-wide HPC systems would be unavailable. It isn’t clear if the center was doing research on Covid-19, the disease caused by the coronavirus.
Security researcher Felix von Leitner last week claimed that a supercomputer housed in Barcelona, Spain, was also impacted by a security issue and had been shut down as a result.
On Thursday, the Leibniz Computing Center (LRZ), an institute under the Bavarian Academy of Sciences, said it had disconnected a computing cluster from the internet following a security breach.
Later, the Jülich Research Center in the town of Jülich, Germany, said it had to shut down the JURECA, JUDAC, and JUWELS supercomputers following an "IT security incident."
On Saturday, German scientist Robert Helling published an analysis on the malware that infected a high-performance computing cluster at the Faculty of Physics at the Ludwig-Maximilians University in Munich, Germany.
The Swiss Center of Scientific Computations (CSCS) in Zurich, Switzerland also shut down external access to its supercomputer infrastructure following a "cyber-incident" and "until having restored a safe environment."
Chris Doman, Co-Founder of Cado Security, says that once attackers gained access to a supercomputing node, they appear to have used an exploit for the CVE-2019-15666 vulnerability to gain root access and then deployed an application that mined the Monero (XMR) cryptocurrency.
On May 13, the Federal Bureau of Investigation and the Department of Homeland Security issued a statement warning scientific researchers in the U.S. of attacks by China-based hackers.