Hackers broke into servers to turn a critical Java vulnerability into profit. They managed to take control of HP’s AMD-based 9000 EPYC servers using the Log4J vulnerability and started using the powerful hardware to mine cryptocurrencies.
The Log4J vulnerability, recently disclosed in the widely used Apache Java package, carries the highest possible threat classification (10) under the “CVSS 3.0” guidelines. This is because the exploit does not require physical access and makes the system connect to a hacker-controlled server, download malware, and elevate privileges to run it. Several software vendors fixed the vulnerability, but this was not the case with HP’s EPYC 9000 machines.
As you know, AMD’s mainstream Ryzen 9 5900X (12 cores) and 5950X (16 cores) processors have 64 MB of L3 cache. The company’s Zen 3-based EPYC Milan CPUs double that amount to 128 MB, and naturally, the gain increases with the hash rate. The red team’s upcoming Milan-X EPYC chips will launch in the second quarter of 2022; as we mentioned, those processors will offer up to 768 MB of cache thanks to 3D V-Cache technology. So even EPYC chips can attract the attention of miners.
Raptoreum developers first noted an unusual increase in hash rate starting on December 9. While the number of machines contributing to Raptoreum has been growing steadily, December 9 saw an abnormal jump from 200 MH/s to 400 MH/s, with the increase coming from a single wallet.
The hackers managed to cash out about 1.5 million of the 3.4 million Raptoreum tokens held in the wallet via the CoinEx exchange. The other 1.7 million tokens remained idle.