Linux and cloud app vulnerabilities have been used by the 8220 Group crypto mining gang to expand their botnet to over 30,000 affected systems.
Over the course of just the previous month, SentinelOne researchers reported detecting this notable rise in the number of infected hosts. The malicious botnet, according to analysts, was only active on 2,000 servers worldwide by the middle of 2021.
The 8220 group has been operating at least since 2017. The hackers are China-based and the organization’s name is derived from the port 8220 that the miner uses to connect to the C2 servers.
Operation tactics
According to reports, the growth was spurred by the adoption of Linux, widespread vulnerabilities in cloud applications, and inadequately secured setups for services like Docker, Apache WebLogic, and Redis.
This group has used a publically available exploit in the past to breach confluence systems. Once inside, the attackers employ SSH brute force to spread out and commandeer the available computing power to operate crypto miners that point to untraceable pools.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: