News Hacker Hijacks HP EPYC Servers For Raptoreum Crypto Mining

This is an insider job , not outsider attack.
Is an insider really going to risk their potentially well-paying job (along with even more severe legal consequences) for what amounted to only a little over $100,000? That's not exactly a great payout for hijacking a large server network, and any insider would know that the situation would get caught and disabled relatively quickly, before much money could be made. It only really makes sense for someone unrelated to the company with less chance of getting caught to attempt something like that.

And as the article points out, this Java exploit (or rather Apache exploit) doesn't require physical access to the systems to be performed. This recently-revealed exploit is being called one of the most serious security vulnerabilities ever, and all sorts of businesses and government agencies worldwide have been getting their servers hacked in recent weeks.

It's the result of a bug in popular open-source server software that's been present and overlooked in the code for the better part of the last decade. If there's any "inside job" involved, it would be with flaws getting purposely introduced into open-source code by contributors, though it could just as easily be an accidental oversight in the code. A lot of companies and organizations like to believe that open-source software is somehow immune from serious flaws, but realistically, there are likely numerous flaws like this that have been hiding in the code that runs the internet for years. When a particular piece of software sees such widespread use, such flaws coming to light can cause widespread security breaches around the globe. And it can often take weeks or potentially even months for an organization to get all their servers patched.
 
I've personally seen people (network/system admin) do weirder, for less.
Again though, we're talking about something that was likely relatively easy for an outsider to exploit, and lots of other companies and organizations have been seeing similar hijackings or worse as a result of this Apache flaw, so an inside job seems like a much less likely scenario.
 

USAFRet

Titan
Moderator
Mar 16, 2013
157,611
12,101
176,090
24,360
Again though, we're talking about something that was likely relatively easy for an outsider to exploit, and lots of other companies and organizations have been seeing similar hijackings or worse as a result of this Apache flaw, so an inside job seems like a much less likely scenario.
Oh yeah...this could absolutely be an outsider thing.

But insiders with godlike access do the same, and worse.
 

Jim90

Distinguished
Again though, we're talking about something that was likely relatively easy for an outsider to exploit, and lots of other companies and organizations have been seeing similar hijackings or worse as a result of this Apache flaw, so an inside job seems like a much less likely scenario.
I wonder how well peer-review of incoming submissions operates within the Apache team, then again, I'd imagine a product as well established as this should be at least equally comparable to any commercial company. Irrespective, the bug originated in this open source code. It's going to be extremely interesting to look at the relevant submission/s that contributed to this exploit.
On a separate, though connected note, as programming languages and dependencies march onwards towards greater and greater levels of abstraction, then we run an increasingly significant danger of losing our ability of communicating in the only language CPU's understand...machine code(/assembly language). The same, of course, applies with every other programmable device, and this looming 'issue' is only going to get worse over time.
 

thisisaname

Distinguished
Feb 6, 2009
393
154
18,860
0
inside or outside attack they seem to be keeping their ill gotten gains. Not like CoinEx exchange can pay out $100, 000 without knowing who it is paying? If they can this just just cements the idea that crypto coins are just used for crime. Also if you can pay someone $100,000 without knowing who they are why the need for crypto coins to remain anonymous?

Maybe someone within the organisation wanted to see how wanted to test something out while the hardware was not doing much in the run up to Christmas and running this was better solution than trying to fake up a work load?
 
Reactions: Krotow
Nov 16, 2021
8
0
10
0
I suspect we will hear a lot more about Raptoreum in 2022. It's the second most mined coin in Hive OS after ETH. Anyone who has a Ryzen CPU could be mining RTM right now and building a small bag for when the coin goes mainstream next year. The hacker knows this is very likely to happen, hence they are holding onto half of their ill gotten gains.
 

husker

Distinguished
Oct 2, 2009
1,118
133
19,470
1
Right at this moment someone at the hacked company is doing the math to determine if it is more profitable to fire 99% of their employees and just mine crypto.
 

ASK THE COMMUNITY