Security News > 2022 > July > Microsoft Warns of Cryptomining Malware Campaign Targeting Linux Servers

A cloud threat actor group tracked as 8220 has updated its malware toolset to breach Linux servers with the goal of installing crypto miners as part of a long-running campaign.
"The updates include the deployment of new versions of a crypto miner and an IRC bot," Microsoft Security Intelligence said in a series of tweets on Thursday.
8220, active since early 2017, is a Chinese-speaking, Monero-mining threat actor so named for its preference to communicate with command-and-control servers over port 8220.
Now according to Microsoft, the most recent campaign striking i686 and x86 64 Linux systems has been observed weaponizing remote code execution exploits for the freshly disclosed Atlassian Confluence Server and Oracle WebLogic for initial access.
Besides achieving persistence by means of a cron job, the "Loader uses the IP port scanner tool 'masscan' to find other SSH servers in the network, and then uses the GoLang-based SSH brute force tool 'spirit' to propagate," Microsoft said.
The attacks range from vulnerability probes to determine if the target system is susceptible to injection of malware such as web shells and crypto miners, the cloud security company noted.
News URL
https://thehackernews.com/2022/06/microsoft-warns-of-cryptomining-malware.html
Related news
- Outlaw Group Uses SSH Brute-Force to Deploy Cryptojacking Malware on Linux Servers (source)
- Microsoft Teams tactics, malware connect Black Basta, Cactus ransomware (source)
- Seven Malicious Go Packages Found Deploying Malware on Linux and macOS Systems (source)
- Microsoft admits GitHub hosted malware that infected almost a million devices (source)
- Microsoft: New RAT malware used for crypto theft, reconnaissance (source)
- Microsoft Trust Signing service abused to code-sign malware (source)
- Microsoft Trusted Signing service abused to code-sign malware (source)
- New Android malware uses Microsoft’s .NET MAUI to evade detection (source)
- Android Malware Exploits a Microsoft-Related Security Blind Spot to Avoid Detection (source)
- Hijacked Microsoft web domain injects spam into SharePoint servers (source)