The four most famous international exchanges:

Binance INTL	OKX INTL	Gate.io INTL	Huobi INTL
China Line　APP DL	China Line　APP DL	China Line　APP DL	China Line　APP DL

Note: The above exchange logo is the official website registration link, and the text is the APP download link.

Hackers Target European Supercomputers to Mine XMR! Last week, European supercomputers fell victim to a widespread, seemingly coordinated cybersecurity attack, hit with malware installations designed to illegally mine Monero (XMR).

German supercomputers most affected

Last week, supercomputers in Germany, Spain, and Switzerland confirmed infections through individual reports. All instances had some commonalities, such as similar network indicators and file names, as well as malware programmed to specifically mine Monero, the world's 14th largest cryptocurrency by market cap.

However, Chris Doman of CADO Security noted to tech publication NetEase Tech that the attacks had no clear evidence of being linked to a single actor/group, other than those similar to those mentioned above.

As of press time, no group has publicly claimed responsibility for the attack. As of May 18, no victims have reported additional exploits, suggesting the attack may not be currently active.

Meanwhile, Monero appears to be an easy target for illegal miners. Historically, the cryptocurrency has been at the center of many mining malware attacks, as extensively reported by CryptoSlate in reports here and here.

The University of Edinburgh, which runs the ARCHER supercomputer, first reported the intrusion. They detected a vulnerability on the login node, as described here, and quickly shut down the computer to prevent further attacks. All secure shell (SSH) passwords were reset as an additional security measure.

Germany's bwHPC
announced that five supercomputer clusters were shut down after similar "security incidents," all of which were present at the country's technology-centric universities, such as the University of Stuttgart and the University of Tübingen. Later, the Leibniz Computing Center and the Dresden University of Technology also confirmed that computer clusters were disconnected after security "breaches."

The Swiss National Supercomputer Center was the last center to confirm a breach, citing "external access to its infrastructure" after a "cybersecurity incident."

Mining Attacks May Not Be Active

It is worth noting that no university announcements revealed details about the exact nature of the intrusion, nor did they confirm the installation of mining malware.

But based on malware samples, the European Computer Security Incident Response Team (CSIRT) released its findings and pointed out that "XMR mining hosts" were deployed in some instances of the attack.

The team further mentioned the proxy hosts, stating:

The attackers used these hosts from the XMR mining hosts to connect to other XMR proxy hosts and ultimately to the actual mining servers.

In one instance, the XMR mining bot was configured to run only at night to prevent detection.

Cado Security's own analysis found that the attackers appear to have exploited the "
CVE-2019-15666" vulnerability to gain root access, after which they likely installed an application for mining Monero.

Based on its research, the company suggests that the attackers may have used compromised SSH credentials to access the supercomputer, with the stolen logins belonging to universities in Poland and China.