Today, a worldwide attack on HPC infrastructure was made public. During examination, indications were found that our TUK cluster “Elwetritsch” was targeted in this attack. Several other Linux systems show indications as well.
As far as we know, Linux systems based on RedHat (CentOS and Fedora as well) and SuSE have been targeted. The HPC centers of Germany as well as DFN-CERT are working on the analysis of these incidents.
As a precautionary measure, the following systems of the RHRK have been shut down:
- Cluster “Elwetritsch”
- Linux terminal servers (linda + lindb)
- SVN server
These systems will not be available until further notice.
In the meantime, the outage of KIS and KIS-Office has been resolved.
Information for students: updated information regarding access to QIS and KIS can be found here: https://www.uni-kl.de/pruefungsangelegenheiten/
Suggestion for administrators: please check whether the file /etc/fonts/.fonts and/or /etc/alsa/.catalog exists on your Linux systems. The ctime of these files is important for forensic analysis (use the command stat). If either file exists, shut down the system and notify the RHRK via hotline(at)rhrk.uni-kl.de
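The administrator check described above, written as a shell function (an added example, not RHRK tooling). The optional root-prefix argument for inspecting a mounted disk image is an assumption of this example, and the format string requires GNU stat.

```shell
#!/bin/sh
# Added example: looks for the two indicator files named in the notice
# and records their ctime for the forensic report.
IOC_PATHS="/etc/fonts/.fonts /etc/alsa/.catalog"

# check_iocs [ROOT]
#   ROOT (assumption of this example): optional prefix such as the mount
#   point of a read-only disk image; empty means the live system.
# Prints one "FOUND ..." line per indicator present.
# Returns 1 if at least one indicator exists, 0 if none do.
check_iocs() {
    root="${1:-}"
    found=0
    for p in $IOC_PATHS; do
        f="${root%/}$p"
        # -e follows symlinks; -L also catches a dangling symlink at the path.
        if [ -e "$f" ] || [ -L "$f" ]; then
            found=1
            # stat reads inode metadata only and does not open the file, so
            # the timestamps are not disturbed. Without -L it reports a
            # symlink itself rather than its target. Times are printed in
            # UTC; owner is numeric so a mounted image is not resolved
            # against the local passwd database.
            TZ=UTC stat -c \
                'FOUND %n ctime=%z ctime_epoch=%Z mtime=%y owner=%u:%g size=%s' \
                "$f"
        fi
    done
    return "$found"
}
```

Call `check_iocs` on a live system or `check_iocs /mnt/image` on a mounted image, and keep the output for the report to the RHRK.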
Suggestion for SSH users: as a security precaution, we strongly urge you to update all your private keys.
Users who logged in on compromised systems (e.g. HPC, linda/b, KIS Office) will be notified by email.
They need to change their password at https://passwort.uni-kl.de.
Affected accounts without a password change after 14.5.2020 will be locked on Tuesday, 2.6.2020, at 8:00. Accounts can only be unlocked by changing the password.
This information will be updated in the future.