The Council for Scientific and Industrial Research (CSIR) has confirmed that its Centre for High Performance Computing (CHPC) suffered a cybersecurity incident that affected the Lengau computing cluster. This is South Africa’s flagship supercomputer used by researchers across the country.

The incident, which occurred at the end of May, resulted in unauthorised access to parts of the system and prompted the CHPC to take the cluster offline while investigations and security measures continue, reports Pretoria Rekord.

According to the CSIR, the breach appears to have affected user credentials and authentication keys.

CSIR manager for Media Relations and Corporate Communication Kulani Chauke said teams acted quickly to limit its impact.

“The CSIR teams have contained the incident. At this stage, there is no evidence that user research data was compromised,” said Chauke.

He said emergency plans were implemented immediately after the breach was detected.

“Mitigation measures were implemented without delay to address the unauthorised access, and additional security controls are being deployed to strengthen the environment,” Chauke said.

CSIR aims to complete its investigation as soon as possible

“We want to restore high-performance computing services to users as quickly and safely as possible,” Chauke said.

The Lengau cluster is a critical national research asset and is used by universities, government departments and research institutions for complex scientific modelling and data analysis.

The system was launched in June 2016 and is capable of performing more than one quadrillion calculations per second.

The cybersecurity incident follows reports from users that performance issues were first detected on the cluster in late May.

The CHPC then informed users that an immediate shutdown of computing nodes was carried out after a suspected compromise was identified.

The affected nodes were subsequently re-imaged and restored before being returned to service.

The CHPC told users that the shutdown was necessary to investigate the incident, secure the environment and strengthen protections for both the platform and user data.

As part of the response, the organisation indicated in a communication to users that relevant privacy and regulatory processes would be followed, including reporting obligations linked to the Protection of Personal Information Act.

The outage has left many researchers unable to access computing resources and stored data while the investigation remains underway.

Despite concerns among users, the CSIR stressed that the affected computing environment is separate from the organisation’s broader information technology infrastructure.

“Therefore, the CSIR’s own research data and business information systems were not affected by this breach,” said Chauke.

Organisation pledges to keep affected users informed

“The organisation will continue to communicate with affected users and stakeholders as more verified information becomes available,” Chauke said.

The incident highlights the growing cybersecurity risks facing major research institutions and HPC facilities worldwide.

Such systems are attractive targets for cybercriminals because of their immense processing power and the valuable research they support.

For now, the focus remains on determining how the attackers gained access, assessing the full impact of the breach and ensuring that the Lengau cluster can return to operation without exposing users to further risk.

While the investigation continues, the CSIR maintains that available evidence suggests the compromise was limited to credentials and authentication mechanisms, with no indication that research data or the organisation’s wider systems were affected.

Breaking news at your fingertips… Follow Caxton Network News on Facebook and join our WhatsApp channel.

Nuus wat saakmaak. Volg Caxton Netwerk-nuus op Facebook en sluit aan by ons WhatsApp-kanaal.