A Java exploit that we recently reported on has been used to target HP servers based on AMD's EPYC CPU platform to mine the Raptoreum cryptocurrency.
HP's AMD EPYC CPU Powered Servers Targeted By Hackers Using Log4J Exploit, Repurposing Them Into Raptoreum Crypto Mining Machines
The report comes from Einnews, which states that HP's 9000 servers based on the AMD EPYC CPU platform were hacked using the Log4J exploit. While we did recently report on the Log4j exploit and how it affects major brands, excluding AMD, it looks like hackers have still managed to slip past the hardware blocks and access a large number of HP servers.
"Raptoreum’s total network hash rate had increased over the past few weeks, but out of nowhere, it increased from 200 MH/S to 400MH/S with a single address contributing an additional 100 - 200MH/S to the Raptoreum network. During the attack, many servers were breached, each outputting a significant amount of hash power on very high-end server equipment. Very few organizations in the world have their hands on this kind of hardware, making it extremely unlikely that the attack was done using the individual’s own hardware.
Through a private investigation, there is now strong evidence that suggests Hewlett-Packard 9000 AMD EPYC server hardware was being used to mine Raptoreum coins. We discovered that the miners they were using were all given HP nicknames and were all stopped abruptly which fortifies speculation of a company breach, followed by a patch of the servers. The Log4J Raptoreum mining exploit started December 9th until it mostly ended on December 17th. During this period hackers were able to collect approximately 30% of the total block reward which is roughly 3.4 million Raptoreum RTM, worth around $110,000 USD as of 12/21/2021. Although activity has dropped considerably, it is actively mining to this day on what still looks to be a single premium machine which has failed to patch."
Raptoreum, a relatively new crypto mining algorithm, is based on the GhostRider mining algorithm to keep the Raptoreum blockchain network clean from ASICs. The GhostRider algorithm makes use of a modified x16r and CryptoNight algorithm that utilizes the CPU L3 cache for mining, making AMD CPUs the most preferred choice.
As such, AMD CPUs are going to be the preferred choice owing to their large L3 cache sizes. CPUs such as the older Ryzen 9 3900 and Ryzen 9 3900X offer up to 64 MB of L3 cache, whereas AMD's Threadripper and EPYC lineups scale up to 128 and 256 MB of L3 cache depending on the configuration.
It is reported that the hacker was able to push the total network hash rate from 200 MH/s to 400 MH/s in an instant. The exploit ran from 9th December and lasted till 17th December before the affected servers were pulled out. The hacker managed to grab 30% of the total block reward during this period or 3.4 million Raptoreum (RTM) which equals around $110,000 US (as of 12/21/2021). It is also reported that some of the machines that haven't been patched are still mining.
Sources show that roughly 1.5 million of the mined Raptoreum coins have been sold on the CoinEx cryptocurrency exchange to date, while 1.7 million RTM currently remain in a wallet. With a 40% increase in value during the exploit, it appears that the dumping of the coins had little negative effect in the short term for the project. Distributed networks such as Raptoreum, secured through mining, node integrity, and free market perseverance, are able to resist individuals with a plethora of stolen server equipment. Other coins might not be so lucky depending on the spirit of their communities and the depth of their market volume.
While this is bad news, Raptoreum is expected to pick up further pace as more competition enters the market with AMD's next-gen Milan-X and Threadripper parts which are expected to feature an insane amount of cache.