Cryptomining hacks are not new by any stretch, but a string of recent incidents is raising eyebrows. ZDNet reports that culprits infected a number of European supercomputers with Monero mining malware in the past seven days, including the University of Edinburgh’s ARCHER, five of bwHPC’s computer clusters and most recently a cluster at Munich’s Ludwig-Maximilians University. That is unusual by itself, but there appears to be a common thread among the hacks.
Cado Security has determined that the attacks were carried out using compromised SSH (secure shell) logins from universities in Canada, China and Poland, using identical malware file names, the same vulnerability and shared technical indicators. That suggests they might be the work of the same bad actor. In the case of ARCHER, the attacks appear to have come from Chinese IP addresses.