It is reported that the University of Edinburgh on Monday first released a report on the attack on the archer supercomputer, saying that it shut down the archer system for investigation and reset the SSH (Secure Shell Protocol) password to prevent further attacks.
On the same day, bwhpc, the German supercomputer management organization, announced that due to similar security issues, its five supercomputers / high-performance computing clusters bwunicluster2.0, forhlrii, bwforclusterjustus, bwforclusterbinac and hawk were now shut down.
A supercomputer in Barcelona, Spain, has also been shut down because of security problems, security researcher Felix von Leitner said in a blog post Wednesday.
Later that day, the German giulish research center immediately said that due to the it security incident, it was necessary to shut down its jureca, judac and juwels supercomputers.
Just yesterday, the Swiss scientific computing center in Zurich, Switzerland, said it would continue to shut down external access to its supercomputers until the external environment is safe.
It is not clear who or organization has carried out these attacks, but according to the analysis of security companies, hackers obtained access to supercomputers by stealing SSH credentials, and University insiders are most suspected because they have access to these supercomputers.
In fact, the hijacked SSH login belongs to universities in Canada, China and Poland.
And while there is no evidence that all attacks are carried out by the same organization, all malware filenames and network indicators prove that their source could be the same place.
Source: Chen Gong, editor in charge of fast technology_ NT3893