Unknown attackers exploited a vulnerability in the Log4j library to compromise servers based on AMD EPYC processors and used them to mine Raptoreum, a CPU-mined cryptocurrency. As a result, the hash rate of the entire Raptoreum network doubled until the machines were taken offline.
The Log4j library vulnerability received the highest severity rating because it requires no physical access and allows attackers to establish connections, download data, or run arbitrary code on the underlying machine. HPE servers based on AMD EPYC were chosen as a target for a reason: the Raptoreum cryptocurrency uses a proof-of-work (PoW) model, and its GhostRider algorithm is optimized for CPUs and is resistant to ASIC systems. The most popular processors for Raptoreum mining are the 12-core AMD Ryzen 9 5900X and the 16-core 5950X; both have 64 MB of L3 cache. AMD EPYC Milan processors on the Zen 3 architecture have twice as much, 128 MB (Milan-X has 768 MB).
Raptoreum developers discovered an abnormal burst of hash rate on the network on December 9. The number of machines on the network had been growing at an even pace, but performance abruptly doubled from 200 Mhash/s to 400 Mhash/s. The hack was discovered late: the compromised machines were taken offline only on December 17.
During this time, the hackers received approximately 3.4 million Raptoreum tokens, which were valued at $110 thousand as of December 21. Subsequently, 1.5 million of these tokens were sold on the CoinEx crypto exchange. The rest of the assets remained in the wallet; the attackers are probably waiting for the price of the cryptocurrency to rise.