The British supercomputer ARCHER, used for academic research by universities in the U.K., has been hit by a cyberattack, forcing administrators to reset all user passwords and SSH keys.
ARCHER provides invaluable resources for researchers who study problems with a global impact. The UK National Supercomputing service also serves a National Health Service (NHS) project working on developing a Coronavirus vaccine, reports Security Boulevard.
According to the ARCHER site, on May 11 cyberattackers exploited ARCHER's login nodes, forcing the EPCC Systems Team to disable access to ARCHER while further investigations took place. On May 13, EPCC Systems provided an update, noting they believe the incident is a major issue across the academic community, as several computers have been compromised in the UK and throughout Europe.
EPCC noted they have been working with the UK National Cyber Security Centre (NCSC) and Cray/HPE in order to better understand the position and plan effective remedies. In addition, EPCC said they were hoping to bring ARCHER back early next week, but the decision will depend on the results of the diagnostic scans taking place and further discussions with NCSC.
All existing ARCHER passwords and SSH keys will be reset and will no longer be valid on ARCHER. There will be a new requirement to connect to ARCHER using both an SSH key and a password. EPCC notes it is preparing new documentation describing the new arrangements, and the Service Desk will be available to answer any concerns about this.
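The "SSH key and a password" requirement EPCC describes maps, in OpenSSH, to the `AuthenticationMethods` directive: a comma-separated list means every listed method must succeed, while a space-separated list means any one of them suffices. The following script is an added example, not EPCC's or ARCHER's own configuration or tooling: it audits an `sshd_config` for that requirement and contrasts a constructed key-only sample with a constructed hardened one. The `audit_sshd_config` function and the sample files are assumptions made for this demonstration.

```shell
#!/bin/sh
# Added example (not ARCHER/EPCC's configuration): check whether an
# sshd_config demands BOTH a public key and a password for every login.
# OpenSSH semantics: "AuthenticationMethods publickey,password" requires
# publickey first, then password; "publickey password" (space) would let
# either one alone succeed. sshd honours the first occurrence of a keyword,
# and per-user/host overrides live in Match blocks, so this audit reads only
# the global section up to the first Match line.
audit_sshd_config() {
    cfg="$1"
    methods=$(awk '
        tolower($1) == "match" { exit }           # stop at first Match block
        tolower($1) == "authenticationmethods" {   # first occurrence wins
            $1 = ""; sub(/^ +/, ""); print; exit
        }
    ' "$cfg")

    # No directive at all: key-only or password-only logins are accepted.
    [ -z "$methods" ] && { echo weak; return 1; }

    # Every space-separated alternative must itself require key + password.
    # keyboard-interactive is accepted as the password step when PAM prompts.
    for alt in $methods; do
        case "$alt" in
            publickey,password|publickey,keyboard-interactive) ;;
            *) echo weak; return 1 ;;
        esac
    done
    echo ok
}

# Constructed sample 1: the common default, public key alone is enough.
WEAK_CFG=$(mktemp)
cat > "$WEAK_CFG" <<'EOF'
# constructed sample: key-only login
PubkeyAuthentication yes
PasswordAuthentication no
EOF

# Constructed sample 2: looks multi-factor but the space means "either".
EITHER_CFG=$(mktemp)
cat > "$EITHER_CFG" <<'EOF'
# constructed sample: a common misconfiguration
PubkeyAuthentication yes
PasswordAuthentication yes
AuthenticationMethods publickey password
EOF

# Constructed sample 3: key AND password both required.
HARDENED_CFG=$(mktemp)
cat > "$HARDENED_CFG" <<'EOF'
# constructed sample: key followed by password
PubkeyAuthentication yes
PasswordAuthentication yes
AuthenticationMethods publickey,password
EOF
trap 'rm -f "$WEAK_CFG" "$EITHER_CFG" "$HARDENED_CFG"' EXIT

audit_sshd_config "$WEAK_CFG"     || echo "  -> add: AuthenticationMethods publickey,password"   # prints: weak
audit_sshd_config "$EITHER_CFG"   || echo "  -> use a comma, not a space"                          # prints: weak
audit_sshd_config "$HARDENED_CFG"                                                                  # prints: ok
```

Note that `PasswordAuthentication yes` must accompany the directive, otherwise the password step can never succeed and every login fails; the audit above deliberately checks only the method list, since that is where the comma-versus-space mistake hides.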
Chris Morales, head of security analytics at Vectra, says, “This is not surprising. Nation-state attackers are targeting possible locations of COVID-19 research as they seek to gain political advantage through early access to new knowledge. Remote access and misuse of privileges such as SSH used in this case are almost always going to be a significant factor on any infrastructure attack. As almost all user access is remote access for supercomputers and the interconnectivity of joint academic networks, the lost computational time will be significant and likely impact any research projects being analyzed. The likely attacker behavior would have been difficult to spot if legitimate SSH sessions were stolen and used from elsewhere. Such privileged access from an unusual host was the top observed suspect behavior in our recent analysis in our spotlight report on privileged access.”
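Morales' point that stolen SSH sessions are hard to spot, and that privileged access from an unusual host is the tell-tale, can be turned into a concrete check over `sshd` authentication logs. The script below is an added example and is not Vectra's, EPCC's or ARCHER's detection logic: it compares successful logins against a per-user baseline of known source addresses and additionally flags a key fingerprint that is suddenly used from a second host. The `flag_unusual_ssh_logins` function, the baseline format (`user ip` per line) and the log lines are all constructed for this demonstration; the addresses are from documentation ranges and the fingerprints are placeholders.

```shell
#!/bin/sh
# Added example (not the page's or any vendor's code): flag SSH logins that
# EPCC-style operators would want to review after an incident like ARCHER's.
# Two signals from standard sshd "Accepted ..." lines:
#   UNUSUAL-HOST            user logged in from an address not in the baseline
#   KEY-REUSED-FROM-NEW-HOST the same key fingerprint now arrives from a
#                           different address than it was first seen from,
#                           which is what a copied key or hijacked session
#                           looks like in the log.
flag_unusual_ssh_logins() {
    baseline="$1"   # lines of: user ip
    authlog="$2"    # sshd lines in syslog format
    awk '
        FILENAME == ARGV[1] { known[$1 " " $2] = 1; next }   # load baseline
        /sshd\[[0-9]+\]: Accepted / {
            user = ""; ip = ""; fp = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "for")  user = $(i + 1)
                if ($i == "from") ip   = $(i + 1)
                if ($i ~ /^SHA256:/) fp = $i       # key fingerprint, if any
            }
            if (!((user " " ip) in known))
                print "UNUSUAL-HOST " user " " ip " " fp
            if (fp != "" && (fp in seen) && seen[fp] != ip)
                print "KEY-REUSED-FROM-NEW-HOST " fp " " seen[fp] " -> " ip
            if (fp != "" && !(fp in seen)) seen[fp] = ip   # remember first host
        }
    ' "$baseline" "$authlog"
}

# Constructed baseline: where each user normally connects from.
BASELINE=$(mktemp)
cat > "$BASELINE" <<'EOF'
alice 192.0.2.10
bob 192.0.2.22
EOF

# Constructed auth log: alice's key is used from her usual host, then minutes
# later from an unrelated address; bob is normal; a failed root attempt is noise.
AUTHLOG=$(mktemp)
cat > "$AUTHLOG" <<'EOF'
May 11 03:12:07 login1 sshd[4123]: Accepted publickey for alice from 192.0.2.10 port 51234 ssh2: RSA SHA256:constructed1
May 11 03:14:55 login1 sshd[4130]: Accepted publickey for alice from 198.51.100.77 port 40022 ssh2: RSA SHA256:constructed1
May 11 03:15:02 login1 sshd[4131]: Accepted publickey for bob from 192.0.2.22 port 51300 ssh2: ED25519 SHA256:constructed2
May 11 03:16:40 login1 sshd[4140]: Failed password for root from 203.0.113.5 port 2222 ssh2
EOF
trap 'rm -f "$BASELINE" "$AUTHLOG"' EXIT

flag_unusual_ssh_logins "$BASELINE" "$AUTHLOG"
# prints:
# UNUSUAL-HOST alice 198.51.100.77 SHA256:constructed1
# KEY-REUSED-FROM-NEW-HOST SHA256:constructed1 192.0.2.10 -> 198.51.100.77
```

On a shared login node the baseline would be built from weeks of prior `Accepted` lines rather than typed by hand, and the second signal matters more than the first: a researcher travelling trips UNUSUAL-HOST, but one key fingerprint active from two addresses within minutes is the pattern that deserves a session kill and a key rotation, which is effectively what EPCC did fleet-wide.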