
Hacking group '8220' grows cloud botnet to more than 30,000 hosts

Posted on July 19, 2022
by l33tdawg
Credit: Bleeping Computer

A cryptomining gang known as 8220 Gang has been exploiting Linux and cloud app vulnerabilities to grow their botnet to more than 30,000 infected hosts.

The group is a low-skilled, financially motivated actor that infects AWS, Azure, GCP, Aliyun, and QCloud hosts after targeting publicly available systems running vulnerable versions of Docker, Redis, Confluence, and Apache.

Previous attacks from this gang relied on a publicly available exploit to compromise Confluence servers. After gaining access, the attackers use SSH brute forcing to spread further and hijack available computational resources to run cryptominers that point to untraceable pools. The 8220 Gang has been active since at least 2017 and isn’t considered particularly sophisticated, but the sudden explosion in infection numbers underlines how dangerous and impactful these lower-tier actors can still be when they’re devoted to their goals.
