It didn’t take long for hackers to turn a critical Java flaw into a profit-making weapon. An unidentified actor took control of HP’s AMD-based 9000 EPYC servers using the Log4J exploit, converting the powerful hardware into cryptocurrency miners. Before most of the exploited machines were taken offline, the hash rate for the CPU-based cryptocurrency Raptoreum (RTM) was doubled from 200 MH/s to 400 MH/s.
Log4J is a Java vulnerability that was recently discovered in the well-known Apache suite and received the highest threat categorization (10) under the “CVSS 3.0” rules. This is due to the exploit’s lack of physical access, which enables privilege escalation to mislead the machine into connecting to, downloading, and running malware from a hacker-controlled server. Although other software vendors have addressed the vulnerability, HP’s EPYC 9000 computers have not.
HP’s EPYC server appears to have been aimed for one purpose only: to mine Raptoreum (RTM), a CPU-based cryptocurrency based on the GhostRider algorithm and based on a Proof-Of-Work (PoW) methodology. Ghostrider is a hybrid of the x16r and CryptoNight algorithms that work well with AMD’s cache-dense Zen architecture? While AMD’s regular Ryzen 9 5900X (12-core) and 5950X (16-core) CPUs both have 64 MB of L3 cache, AMD’s Zen 3-based EPYC Milan CPUs have 128 MB of L3 cache, boosting performance and daily revenue. AMD’s Milan-X EPYC CPUs are expected to hit the market in 2Q 2022. By using 3D V-Cache, the CPUs will increase the L3 cache size to a massive 768 MB – picture the hash rates that forthcoming silicon will be able to unlock.
From December 9th, Raptoreum developers noticed an unusual increase in hash rate. While the number of machines contributing to Raptoreum has been steadily increasing, on December 9th, the network hash rate jumped from its usual 200 MH/s to 400 MH/s, with the increase coming from a single wallet address.
In a statement to EIN News, a leading Raptoreum developer explained that “During the attack, many servers were breached, each outputting a significant amount of hash power on very high-end server equipment. Very few organizations in the world have their hands on this kind of hardware, making it extremely unlikely that the attack was done using the individual’s hardware. Through a private investigation, there is now strong evidence that suggests Hewlett-Packard 9000 EPYC server hardware was being used to mine Raptoreum coins.”
“We discovered that the miners they were using were all given HP nicknames and were all stopped abruptly which fortifies speculation of a company breach, followed by a patch of the servers. The Log4J Raptoreum mining exploits started December 9th until it mostly ended on December 17th. During this period hackers were able to collect approximately 30% of the total block reward which is roughly 3.4 million Raptoreum (RTM), worth around USD 110,000 as of 12/21/2021. Although activity has dropped considerably, it is actively mining to this day on what still looks to be a single premium machine which has failed to patch.”
The hackers were able to move around 1.5 million Raptoreum tokens from the wallet’s 3.4 million, cashing them in on the CoinEx exchange. The remaining 1.7 million tokens were left idle, possibly awaiting positive price action before cashing out on potential profits. Surprisingly, the sudden wallet action has did not affect Raptoreum’s valuation, which would have been in the top 20 wallets at the 3.4 million RTM mark.
also read:
Here’s what the new Lenovo Legion Y700 Gaming Tablet will bring to the table
