Microsoft Security Intelligence experts have issued a new warning against a known cloud threat actor (TA) group, dubbed 8220, targeting Linux servers to install crypto miners.
“We observed notable updates to the long-running malware campaign targeting Linux systems by a group known as the 8220 gang. The updates include the deployment of new versions of a crypto miner and an IRC bot, as well the use of an exploit for a recently disclosed vulnerability,” the technology giant wrote in a series of tweets.
According to Cisco’s Talos Intelligence group, the 8220 gang has been operating since at least 2017, and primarily focuses on crypto mining campaigns. The threat actors are Chinese-speaking, the names of the group come from the port number 8220 used by the miner to communicate with the C2 servers.
Over the past year, the group has actively upgraded its methodologies and payloads. In a recent campaign, the hacking group targeted i686 and x86_64 Linux systems and employed RCE exploits for CVE-2022-26134 (Atlassian Confluence) and CVE-2019-2725 (Oracle WebLogic) for initial access, Micr
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: