According to reports, hackers recently took control of a group of HP-branded servers and used them to remotely mine a cryptocurrency called raptoreum. This resulted in the cluster of infected HP machines becoming the largest contributor to the total cryptocurrency mining pool, enabling the attacker to earn $110,000 worth. It is said that these coins were mined between December 9th and 17th.

HP server suffers from encryption hijacking attack

A group of HP servers operating for an undisclosed company is be attacked By hackers who managed to control the hardware and reuse it to mine cryptocurrency. The cryptocurrency chosen by the hackers is called raptoreum, which is a token with a market value of the top 1,000. It uses an algorithm called Ghostrider that mixes PoW (Proof of Work) and PoS (Proof of Stake) consensus mechanisms.

The server cluster started mining raptoreum on December 9, when it provided more computing power than all other parties on the Raptoreum blockchain combined. This allowed the attackers to plunder more than $110,000 worth of raptoreum between December 9th and 17th.

The server group disappeared from the Raptoreun network on December 17, indicating that they can be patched to eliminate the threat after it is detected.

Log4j leverage

The attack uses a recently discovered vulnerability called Log4shell, which allows an attacker to remotely control the system. Log4shell uses Log4j, which is a registry library widely used in Apache-based systems. This vulnerability was discovered in early December, and in this case, it was used to pass the execution of encryption mining software.

Due to the ubiquity of exploits, even if it involves large-scale operations such as Microsoft and IBM, the vulnerability is listed as a serious vulnerability by the discoverer. Although the software has been patched in some of its implementations, investigators are still discovering new ways to use it. It was recently discovered that the software is also vulnerable to local attacks, which means that the server can execute code remotely without being connected to the Internet.

According to a report, in the first half of this year, cryptojacking attacks decreased for the first time since 2018. Report Titled “Cloud Thread Report”, released by Security Consulting Company Unit 42.However, in subsequent reports, the company also Established 63% of third-party code templates used to build cloud infrastructure contain insecure configurations that can cause hardware to lose control.

What do you think about attacking HP brand servers to mine raptoreum? Tell us in the comments section below.

Sergio Goshenko

Sergio is a cryptocurrency journalist based in Venezuela. He described himself late and entered the crypto space when prices rose in December 2017. With a background in computer engineering, living in Venezuela, and being affected by the cryptocurrency boom at the social level, he offers a different perspective on the success of cryptography and how it can help people without bank accounts and underserved people.

Image Source: Shutterstock, Pixabay, Wikimedia Commons