Access to slurm-login and tranfer restricted due to compromised security Thursday 28th May 2026 12:55:00

We are currently experiencing compromised security on the ilifu slurm-login and transfer node. Access to these nodes has been restricted to contain the unauthorised access. The technical team is investigating the compromised security. We have been made aware that similar issues are impacting several other HPC and Cloud sites in South Africa and are part of a broader national problem.

Since the security incident last week, we have been working with UCT CSIRT to investigate the extent of the compromised systems and to understand if a data breach has occurred. Similar incidents have impacted several other HPC and Cloud sites. The investigation is still ongoing, and unfortunately we cannot resume operations until it is complete.

We believe that the attack vector was compromised SSH keys. SSH access to ilifu has been restricted since Thursday, 28 May. We have removed all existing SSH keys from ilifu user accounts. We will send out information about account access and adding new keys when we are ready to resume operations on ilifu. In parallel to the investigation, we are working on implementing further enhanced security measures.

We strongly recommend that all users cycle their SSH keys at other remote sites as soon as possible.

Posted 2 days ago by jeremy

The technical team is continuing to investigate the extent of the compromised security issue that occurred on the slurm-login and transfer node. In parallel, we are working on a process to overcome any possible compromised accounts to prevent further unauthorised access, and implementing further enhanced security measures, such as MFA. The development and deployment of these processes are expected to require a number of days to complete. We don't expect the ilifu services to be available before mid-week next week.

Posted 1 week ago by jeremy

We've made the decision to restrict access to additional ilifu services while the technical team investigates the issue. Access to Jupyter and the Visual Studio Code services has been removed. The CARTA and Globus services remain operational.

Posted 1 week ago by jeremy