Tuesday, November 12, 2024
HomeCyber Security News8220 Hacker Group Attacking Linux & Windows Users to Mine Crypto

8220 Hacker Group Attacking Linux & Windows Users to Mine Crypto

Published on

Malware protection

In a significant escalation of cyber threats, the 8220 Gang, a notorious Chinese-based hacker group, has intensified its attacks on cloud-based infrastructure, targeting both Linux and Windows users to mine cryptocurrency.

This latest campaign, from May 2023 through February 2024, marks a concerning advancement in the group’s tactics and poses a heightened risk to cloud security worldwide.

Document
Live Account Takeover Attack Simulation

How do Hackers Bypass 2FA?

Live attack simulation Webinar demonstrates various ways in which account takeover can happen and practices to protect your websites and APIs against ATO attacks.

- Advertisement - SIEM as a Service

Sophisticated Tactics & Cloud Security Risks

The 8220 Gang has shifted its focus towards exploiting well-known vulnerabilities, including CVE-2021-44228 and CVE-2022-26134, to infiltrate cloud systems.

The group identifies potential entry points by conducting internet scans for vulnerable applications and exploiting unpatched vulnerabilities to gain unauthorized access.

Attack timeline
Attack timeline

This strategic pivot towards more sophisticated techniques underscores a critical evolution in cyber threats facing cloud infrastructure today.

The implications of these attacks are far-reaching, affecting countless organizations that rely on cloud infrastructure for their operations, reads Uptycs report.

The change in tactics and methods employed by the 8220 Gang signifies an alarming advancement in cybercriminal capabilities, emphasizing the need for heightened vigilance and robust security measures.

Exploitation and Cryptomining

The group has been documented to use various tools in their campaigns, including Tsunami malware, XMRIG cryptominer, masscan, and spirit, to deploy cryptocurrency miners on compromised Linux and Microsoft Windows hosts.

This allows them to profit from unauthorized mining operations and poses significant risks to the integrity and performance of the affected systems.

One of the recent attacks observed involved exploiting the Oracle WebLogic vulnerability CVE-2017-3506, which impacts the WLS Security Component of Oracle WebLogic.

This vulnerability enables attackers to execute arbitrary commands remotely, providing a gateway for further malicious activities.

Implications and Defense Strategies

The 8220 Gang’s latest campaign highlights the critical need for organizations to bolster their cloud security defenses.

By understanding the nature of these attacks and the changes in the group’s approach, organizations can better prepare themselves to defend against such sophisticated threats.

Downloading payload deliver.cmd.
Downloading payload deliver.cmd.

This includes ensuring that all systems are regularly updated and patched, implementing robust security measures, and maintaining vigilance for any signs of compromise.

As the 8220 Gang continues to evolve its strategies, the cybersecurity community must remain proactive in detecting and mitigating these threats.

The ongoing efforts by security researchers to analyze and document the group’s tactics provide valuable insights that can help develop effective countermeasures.

The 8220 Gang’s renewed assault on cloud-based infrastructure through sophisticated cryptomining attacks underscores the ever-present threat cyber criminals pose.

Organizations must prioritize cloud security and adopt comprehensive strategies to protect against these advanced threats, ensuring the security and integrity of their operations in the face of evolving cyber challenges.

You can block malware, including Trojans, ransomware, spyware, rootkits, worms, and zero-day exploits, with Perimeter81 malware protection. All are extremely harmful, can wreak havoc, and damage your network.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

10 Best DNS Management Tools – 2025

Best DNS Management Tools play a crucial role in efficiently managing domain names and...

Sweet Security Announces Availability of its Cloud Native Detection & Response Platform on the AWS Marketplace

Customers can now easily integrate Sweet’s runtime detection and response platform into their AWS...

Researchers Detailed Credential Abuse Cycle

Cybercriminals exploit leaked credentials, obtained through various means, to compromise systems and data, enabling...

New Android Malware SpyAgent Taking Screenshots Of User’s Devices

SpyAgent, a newly discovered Android malware, leverages OCR technology to extract cryptocurrency recovery phrases...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Researchers Detailed Credential Abuse Cycle

Cybercriminals exploit leaked credentials, obtained through various means, to compromise systems and data, enabling...

New Android Malware SpyAgent Taking Screenshots Of User’s Devices

SpyAgent, a newly discovered Android malware, leverages OCR technology to extract cryptocurrency recovery phrases...

Tor Network Suffers IP Spoofing Attack Via Non-Exit Relays

In late October 2024, a coordinated IP spoofing attack targeted the Tor network, prompting...