Cyberattack against Supercomputers

On 11 May 2020, triggered by a tip-off from a German HPC centre which had identified a successful cyberattack on its system, an initial analysis showed that JSC’s supercomputers JUWELS and JURECA, as well as the JUDAC and JUSUF systems, were affected by the same attack. As an immediate measure, JSC stopped access to the systems and informed its users.

Following this, it turned out that a significant number of other German and European HPC centres were also affected and further analysis was performed in close interaction with the Gauss Centre for Supercomputing, the Gauss Alliance, and PRACE, with the involvement of the computer emergency response team DFN-CERT and the responsible authorities. It was found that the attackers have used compromised user accounts to access the systems and were able to elevate their privileges. The analysis revealed no indications that the attack was targeted against a particular research community, that research data had been stolen, or that the compute capacity of JSC’s systems had been abused. However, all user SSH keys stored on the file systems at JSC must be considered potentially compromised and have to be revoked.

On 4 June, JSC reopened user operation on JUWELS and JURECA. While the full compute capacity of these systems has become available again since then, additional security measures have been implemented and some restrictions apply initially. Among others, outgoing SSH connections have been blocked and users have had to upload new SSH credentials via JuDoor. The JUSUF system will be made available again soon. The data exchange system JUDAC is currently undergoing a redesign and is therefore not accessible. JSC is in close exchange with partner centres in Germany and Europe to discuss longer-term measures that improve the overall security level without hampering the usage of the systems.

Contact: Dr. Dorian Krause, d.krause@fz-juelich.de

from JSC News No. 273, 24 June 2020