Academic super-computers targeted by malicious crypto miners: report

Reports indicate that academic super-computers in Europe are being targeted by would-be attackers.

The BBC reported on May 18 that among the affected institutions is Scotland's University of Edinburgh, which took its ARCHER super-computer offline due to a security incident. 

"No evidence has been found to suggest that any research, client, or personal data has been impacted by this issue and all relevant stakeholders have been updated. Reports in the media suggesting that this issue was cryptocurrency mining related are incorrect," a spokesman for the University of Edinburgh said in a statement.

Information published by the EGI Computer Security and Incident Response Team states that "[a] malicious group is currently targeting academic data centers for CPU mining purposes. The attacker is hopping from one victim to another using compromised SSH credentials." The attackers appear to be attempting to mine Monero, or XMR.

In the University of Edinburgh's statement, the team behind ARCHER noted: "We now believe this to be a major issue across the academic community as several computers have been compromised in the UK and elsewhere in Europe. We have been working with the National Cyber Security Centre (NCSC) and Cray/HPE in order to better understand the position and plan effective remedies."

In late April, a Slovakian security firm said that it had targeted and neutralized a significant monero-mining botnet focused on Latin America infections. A study published in early 2018 contended that more than 4 percent of all XMR in circulation is the product of malicious mining activities. 

Update: This report has been amended to clarify that ARCHER was not targeted by attackers trying to install crypto mining hardware, according to the group that operates it.