- HP 9000 servers based on AMD EPYC were selected as targets.
- The Raptoreum cryptocurrency relies on a Proof-of-Work architecture.
Unidentified attackers exploited a vulnerability in the Log4J library to compromise HP 9000 servers powered by AMD EPYC processors and used those resources to mine the CPU-mined cryptocurrency Raptoreum between December 9 and December 17. As a result, the Raptoreum network's hash rate doubled until the equipment was taken offline.
HP 9000 Servers: The Soft Target
The Log4J vulnerability carries the highest severity score because it lets attackers create connections, download data, and execute arbitrary code on an affected system without requiring physical access. The Raptoreum cryptocurrency relies on a Proof-of-Work (PoW) architecture, and its GhostRider algorithm is designed for central processors and is resistant to ASIC systems. That is why HP 9000 servers based on AMD EPYC were selected as targets.
HP was quite likely just one of multiple victims of the Log4J vulnerability, which has also been used to target Amazon, IBM, and Microsoft. However, it was discovered that the impacted HP servers were equipped with AMD's 9000 EPYC processor, which is used to mine Raptoreum at 400 MH/s.
On December 9, Raptoreum engineers detected an unusual rise in the network's hash rate. The number of computers on the network increased steadily, and the hash rate rose dramatically from 200 MH/s to 400 MH/s. The address associated with the HP servers collected nearly 30% of the entire block reward, or 3.4 million RTM, during the time they were mining.
When the hackers sold half of it on CoinEx, it was worth roughly $110,000, but the value of the half they retained has since fallen substantially. The remaining assets are still in the wallet, indicating that the attackers are likely waiting for the cryptocurrency to increase in value.