HP-Branded Servers Hijacked to Mine $110,000 Worth of Cryptocurrency

Hackers recently took control of a group of HP-branded servers and used them to remotely mine a cryptocurrency called raptoreum, according to reports. This resulted in the compromised cluster of HP machines becoming the biggest contributor to the total mining pool of the cryptocurrency, allowing attackers to rake in $110,000 worth. The coins are said to have been mined between December 9 and December 17.

A group of HP servers operating for an undisclosed company was attacked by hackers that managed to take control of the hardware and repurpose it to mine cryptocurrency. The crypto chosen by the hackers was called raptoreum, a coin in the top 1,000 by market cap that takes advantage of an algorithm called Ghostrider, blending PoW (proof-of-work) and PoS (proof-of-stake) consensus mechanisms.

The server cluster started mining raptoreum on December 9, and at the time, it provided more hash power than all other parties combined on the Raptoreum blockchain. This allowed the attackers to rake in more than $110,000 worth of raptoreum in the period between December 9 and December 17.

The server group disappeared from the Raptoreun network on December 17, an indication that they could have been patched to eliminate the threat after it was detected.

The attack used a recently discovered vulnerability called Log4shell, which allows attackers to gain control of a system remotely. Log4shell uses Log4j, which is a registry library used widely in Apache-based systems. This vulnerability was discovered in early December, and in this case, it was leveraged to pass the execution of a crypto mining software.

The vulnerability has been classified as critical by its discoverers due to how common its utilization is, even when it comes to massive operations like Microsoft and IBM. While the software has been patched in some of its implementations, investigators are still discovering new ways in which it can be leveraged. It was recently discovered that the software is also vulnerable to local attacks, meaning that the servers can be executing code remotely without being connected to the internet.

During the first half of this year, cryptojacking attacks have decreased for the first time since 2018, according to a report titled “Cloud Thread Report,” issued by Unit 42, a security consulting firm. However, in a follow-up report, the firm also found that 63% of third-party code templates used in building cloud infrastructure contained insecure configurations that could lead to losing control of the hardware.

What do you think about the attack on HP-branded servers to mine raptoreum? Tell us in the comments section below.