According to reports, hackers recently took control of a group of HP-branded servers and used them to remotely mine a cryptocurrency called Raptoreum. As a result, the compromised cluster of HP machines made the largest contribution to the cryptocurrency's entire mining pool, allowing the attackers to earn $110,000 in value. The coins are said to have been mined between December 9th and 17th.
HP servers suffer cryptojacking attacks
A group of HP servers working for an unknown company was attacked by hackers who managed to take control of the hardware and repurpose it for mining cryptocurrencies. The crypto chosen by the hackers was Raptoreum, a coin in the top 1,000 by market capitalization that uses an algorithm called Ghostrider that combines PoW (Proof-of-Work) and PoS (Proof-of-Stake) consensus mechanisms.
The server cluster started mining Raptoreum on December 9th, and at that point it was delivering more hash power than all the other parties combined on the Raptoreum blockchain. As a result, the attackers were able to collect Raptoreum worth more than 110,000 US dollars between December 9 and 17.
The server group disappeared from the Raptoreum network on December 17, an indication that it may have been patched to remove the threat after it was detected.
The attack took advantage of a recently discovered vulnerability called Log4shell, which allows attackers to take control of a system remotely. Log4shell affects Log4j, a logging library that is widely used in Apache-based systems. This vulnerability was discovered at the beginning of December and, in this case, was exploited to execute crypto mining software.
The vulnerability was classified as critical by its discoverers because the library is widely used, including by massive operations such as Microsoft and IBM. Although the software has been patched in some of its implementations, investigators are still discovering new ways to exploit it. It was recently discovered that the software is also vulnerable to local attack, which means code can be run remotely on servers even if they are not connected to the Internet.
In the first half of this year, according to a. for the first time since 2018 report entitled “Cloud Threat Report” published by Unit 42, a security consultancy. In a follow-up report, however, the firm also found that 63% of third-party code templates used in building a cloud infrastructure contained insecure configurations that could result in loss of control of the hardware.
Source: Crypto News Austria