ARCHER, a UK world-class supercomputer, was hit by a cyberattack earlier this week. Providing invaluable resources for scientists studying global issues, the UK National Supercomputing service also serves a National Health Service (NHS) project working on developing a Coronavirus vaccine.
What happened? On May 11, attackers exploited ARCHER’s login nodes, forcing the EPCC Systems team to disable access to the system. Officials started investigating and informed the community that users would not be able “to log in or to submit new jobs.”
Yesterday, the admin posted updates on the website, stating that “we now believe this to be a major issue across the academic community as several computers have been compromised in the UK and elsewhere in Europe. We have been working with the National Cyber Security Centre (NCSC) and Cray/HPE in order to better understand the position and plan effective remedies.”
Additionally, “all of the existing ARCHER passwords and SSH keys will be rewritten and will no longer be valid on ARCHER. When the ARCHER Service is returned, there will be a requirement to connect to ARCHER using a SSH key and a password. It is imperative that you do not reuse an old password or SSH key.”
Operators also advise users to change passwords on any other systems that take the same credentials as ARCHER.
“University teams are currently working with specialists from our technology partners and the National Cyber Security Centre to agree the recovery path and determine when access can be safely reinstated,” said a university spokesman. “There is currently nothing to suggest that any research, client or personal data has been impacted by this issue and all relevant stakeholders are being updated.”
While there is no evidence of a well-targeted attack, a recent joint advisory from UK and US officials says that “we are currently investigating a number of incidents in which other states are targeting pharmaceutical companies, medical-research organizations, and universities, looking for intelligence and sensitive data, including research on the virus.”
At the same time, security specialists cannot deny that the most recent attack seeks to further jeopardize and steal intellectual property related to Coronavirus treatments. Although extensive malicious activity has been observed, no data theft has been confirmed so far.