Hackers hijacked HP-branded servers to mine the Raptoreum cryptocurrency. They exploited a vulnerability in Apache Log4j for the attack.
A group of hackers broke into the HP 9000 EPYC servers used by a tech company to mine cryptocurrencies. They used the servers to mine the Raptoreum cryptocurrency. The remote attack took place between December 9 and December 17. According to reports, the hackers mined $110,000 worth of Raptoreum. So far, the company that owns the servers has not been identified.
The hackers exploited a vulnerability in the Apache Log4j logging utility for the attack. Using it, they reprogrammed the cluster of HP 9000 EPYC servers to mine Raptoreum.
HP Servers and the Apache Log4j Exploit
Apache Log4j is a tool that software developers use to log changes, particularly errors, in their software applications. Log4j has a vulnerability that allows a piece of code to be executed remotely on its host computer. The hackers exploited this weakness and ran code on the servers to mine Raptoreum.
The Apache Log4j project has acted promptly, fixing the flaw and releasing the fixes as updates. However, servers that are still running an old version of Log4j remain at risk. We therefore advise you to update Apache Log4j on your computers as soon as possible.
The crypto-hacking came to light when a lead developer of the Raptoreum blockchain noticed irregular surges in the cryptocurrency’s network hash rates. He then used the Raptoreum blockchain, which keeps a record of all public transactions, and found out about the attack.
According to the developer, Raptoreum’s hash rates did see an increase in the few weeks preceding the attack. However, much to his surprise, the network hash rates suddenly rose from 200 MH/s to 400 MH/s on December 9. He then spotted that a single address was adding the extra 100-200 MH/s to the Raptoreum network.
Over the entire duration of the attack, which lasted over a week, the hackers mined around 3.4 million Raptoreum.