Europe's supercomputers hijacked by attackers for crypto mining

BBC Supercomputer at Edinburgh UniversityBBC
The Archer supercomputer in Edinburgh was one of those affected

At least a dozen supercomputers across Europe have shut down after cyber-attacks tried to take control of them.

A pan-European supercomputing group says they seem to have tried to use the machines to mine cryptocurrency.

"A security exploitation" disabled access to the Archer supercomputer, at the University of Edinburgh, on 11 May.

Staff said they were working with the National Cyber Security Centre to restore the system, which had recently installed a pandemic modelling tool.

"We now believe this to be a major issue across the academic community as several computers have been compromised in the UK and elsewhere in Europe," the team said.

The NCSC said: "We are aware of this incident and are providing support.

"The NCSC works with the academic sector to help it improve its security practices and protect its institutions from threats."

Also on 11 May, another attack shut down five supercomputers in Germany.

Others followed elsewhere in Germany in the following days, as well as in Switzerland, and reportedly Barcelona.

They exploited an Secure Shell (SSH) connection, which academic researchers use to log in to the system remotely.

And once inside, the attackers appear to have deployed cryptocurrency-mining malware.

The security team at the European Grid Infrastructure foundation said: "A malicious group is currently targeting academic data centres for CPU [central processing unit] mining purposes.

"The attacker is hopping from one victim to another using compromised SSH credentials."

Jamie Akhtar, chief executive of UK security company Cybersmart, said: "Universities are home to some of the most advanced research projects in the world across many disciplines - including computer science - but they are also notoriously vulnerable to attack if they are connected to the wider university network."