Hackers recently gained control of a series of HP-branded servers and exploited them to remotely mine raptoreum, a cryptocurrency, according to reports. As a result, the compromised cluster of HP servers became the largest contributor to the cryptocurrency's overall mining pool, netting the attackers $110,000. The coins are said to have been mined between December 9 and December 17.
HP Servers Suffer Cryptojacking Attack
Hackers broke into a collection of HP servers belonging to an unnamed company and took control of the gear, repurposing it to mine cryptocurrency. The hackers chose raptoreum, a coin in the top 1,000 by market capitalization that uses the Ghostrider algorithm, which combines PoW (proof-of-work) and PoS (proof-of-stake) consensus mechanisms.
On December 9, the server cluster began mining raptoreum, and at the time it had more hash power than all other parties on the Raptoreum blockchain combined. As a result, the attackers were able to collect more than $110,000 in raptoreum between December 9 and December 17.
On December 17, the server group vanished from the Raptoreum network, indicating that the servers were patched to neutralise the threat once it was detected.
Log4j Leveraged
The attack took advantage of a recently discovered vulnerability known as Log4shell, which allows attackers to remotely take control of a system. Log4shell is a flaw in Log4j, a logging library frequently used in Apache-based applications. The vulnerability was found in early December and, in this case, was used to run crypto mining software on the compromised servers.
The vulnerability has been classed as significant by its discoverers because the library is so widely used, even among large corporations such as Microsoft and IBM. Although some of the software's implementations have been patched, researchers are continuously finding new ways to exploit it. The software has now been found to be vulnerable to local attacks as well, which means that code can be run on servers even when they are not connected to the internet.
Cryptojacking attacks have decreased for the first time since 2018, according to a report titled "Cloud Threat Report" published by Unit 42, a security consulting business. However, the firm discovered in a follow-up analysis that 63 percent of third-party code templates used in cloud infrastructure contained vulnerable configurations that could lead to the hardware being lost to attackers.