Supercomputers in Research Institutes across Germany, UK Hacked

A number of supercomputers used in research institutes across Germany and the United Kingdom have been attacked by hackers, since January this year.

In Germany, at least six systems are said to be compromised.

On May 11, High Performance Computing Center (HLRS), a research institute and a supercomputer center based in Stuttgart posted a notification that said: “Hawk was shut down due to a security incident.”

Hawk is the flagship supercomputer at the institute. With a peak performance of approximately 26 Petaflops, Hawk is an HPE Apollo 9000 System and is among the fastest supercomputers worldwide. It is the fastest general purpose system for scientific and industrial computing in Europe.

Even Leibniz Supercomputing Center of the Bavarian Academy of Sciences and Humanities near Munich admitted its systems had been targeted by hackers. In a statement posted on May 14, it said: “We can confirm a security incident that affects our high-performance computers. For safety's sake, we have therefore isolated the affected machines from the outside world.”

NEMO, Forschungszentrum Jülich and Karlsruhe Institute of Technology (KIT) also reported same problems, with the latter stating two high-performance computers bwUniCluster 2.0 and ForHLR II hit by a “serious security incident.”

"The systems were compromised by attacks using stolen user account data. According to the current state of knowledge, a quick rectification of the problem is unlikely,” SPIEGEL reported, citing KIT.

Freiburg-based NEMO said the cyber-attacks may have begun on January 9. Hackers reportedly “used a stolen user account and obtained root privileges.”

In addition, UK-based ARCHER National Supercomputing Service also said its systems suffered a “security exploitation” that led its administrators to rewrite passwords and Secure Shell (SSH)­­ keys.

“We would like to provide an update on the ARCHER Security Incident. We now believe this to be a major issue across the academic community as several computers have been compromised in the UK and elsewhere in Europe. We have been working with the National Cyber Security Centre (NCSC) and Cray/HPE in order to better understand the position and plan effective remedies,” ARCHER said in a statement.

“We are hoping to return ARCHER back to service early next week but this will depend on the results of the diagnostic scans taking place and further discussions with NCSC. All of the existing ARCHER passwords and SSH keys will be rewritten and will no longer be valid on ARCHER. There will be a new requirement to connect to ARCHER using a SSH key and a password,” the institute said today.

On May 13, the U.S. Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) alleged several American organizations researching COVID-19 virus had been attacked by the Chinese. “The FBI is investigating the targeting and compromise of U.S. organizations conducting COVID-19-related research by People’s Republic of China (PRC)-affiliated cyber actors and non-traditional collectors. These actors have been observed attempting to identify and illicitly obtain valuable intellectual property (IP) and public health data related to vaccines, treatments, and testing from networks and personnel affiliated with COVID-19-related research. The potential theft of this information jeopardizes the delivery of secure, effective, and efficient treatment options,” CISA said.