Security News > 2022 > July > Microsoft Warns of Cryptomining Malware Campaign Targeting Linux Servers

Microsoft Warns of Cryptomining Malware Campaign Targeting Linux Servers
2022-07-01 01:20

A cloud threat actor group tracked as 8220 has updated its malware toolset to breach Linux servers with the goal of installing crypto miners as part of a long-running campaign.

"The updates include the deployment of new versions of a crypto miner and an IRC bot," Microsoft Security Intelligence said in a series of tweets on Thursday.

8220, active since early 2017, is a Chinese-speaking, Monero-mining threat actor so named for its preference to communicate with command-and-control servers over port 8220.

Now according to Microsoft, the most recent campaign striking i686 and x86 64 Linux systems has been observed weaponizing remote code execution exploits for the freshly disclosed Atlassian Confluence Server and Oracle WebLogic for initial access.

Besides achieving persistence by means of a cron job, the "Loader uses the IP port scanner tool 'masscan' to find other SSH servers in the network, and then uses the GoLang-based SSH brute force tool 'spirit' to propagate," Microsoft said.

The attacks range from vulnerability probes to determine if the target system is susceptible to injection of malware such as web shells and crypto miners, the cloud security company noted.


News URL

https://thehackernews.com/2022/06/microsoft-warns-of-cryptomining-malware.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 365 50 1369 2820 161 4400
Linux 11 64 2532 1569 67 4232