Hacking group '8220' grows cloud botnet to more than 30,000 hosts
2022-07-19 22:52

A cryptomining gang known as 8220 Gang has been exploiting Linux and cloud app vulnerabilities to grow their botnet to more than 30,000 infected hosts.

The group is a low-skilled, financially motivated actor that infects AWS, Azure, GCP, Aliyun, and QCloud hosts after targeting publicly available systems running vulnerable versions of Docker, Redis, Confluence, and Apache.

Previous attacks from this gang relied on a publicly available exploit to compromise Confluence servers.

The 8220 Gang has been active since at least 2017 and isn't considered particularly sophisticated, but the sudden explosion in infection numbers underlines how dangerous and impactful these lower-tier actors can still be when they're devoted to their goals.

In the latest campaign, observed and analyzed by SentinelLabs, the 8220 Gang has added new things to the script used to expand their botnet, a piece of code that is sufficiently stealthy despite lacking dedicated detection evasion mechanisms.

Finally, 8220 Gang now uses a new version of its custom cryptominer, PwnRig, which is based on the open-source Monero miner XMRig.


News URL

https://www.bleepingcomputer.com/news/security/hacking-group-8220-grows-cloud-botnet-to-more-than-30-000-hosts/