HP-Branded Servers Hijacked to Mine $110,000 Worth of Cryptocurrency

A group of HP servers belonging to an unknown company was attacked. The hackers took control of the hardware to mine cryptocurrency, choosing Raptoreum as the coin to mine. This coin is in the top 1000 by market capitalization and uses an algorithm called Ghostrider that combines PoW (proof of work) with PoS (proof of stake).

On December 9, the server cluster began mining Raptoreum and provided more hashpower than any other party on the Raptoreum blockchain at that time. The attackers were able to make more than $110,000 in Raptoreum during the period December 9-17.

On December 17, the server group dropped off the Raptoreum network. This indicates that the threat may have been eliminated after it was detected.

Log4j Leveraged

Log4shell is a newly discovered vulnerability that allows remote attackers to take control of systems. Log4shell exploits Log4j, a logging library that is widely used in Apache-based systems. The vulnerability was discovered in early December and was used to execute a crypto mining program.

Because of its widespread use, even in large operations such as IBM and Microsoft, the vulnerability was deemed critical by researchers. Although the software was patched in certain instances, investigators continue to discover new ways it could be exploited. The software was also susceptible to local attacks. This means that servers could execute code remotely, even if they are not connected to the internet.

According to Unit 42, a security consulting company, cryptojacking attacks decreased in the first half of this year. In a follow-up report, however, the firm also discovered that 63% of third-party code templates used to build cloud infrastructure contained insecure configurations which could result in losing control over the hardware.