[MART] - Daily Diary #558 - 8220 Gang Massively Expands Botnet

CTAS-MAT ctas-mat at appgate.com
Fri Jul 22 20:28:40 UTC 2022


Hello,

I hope everyone is doing well!

Below is the entry for today.

07/22/2022 - Diary entry #558:

Recently, a crypto mining theft gang, active since at least 2017 and known as "8220 Gang", has been exploiting Linux vulnerabilities and misconfigured cloud applications. Their objective is to grow their botnet by targeting publicly available systems running vulnerable versions of Docker, Redis, Confluence, and Apache.

Previously, this gang compromised servers using publicly available exploits and SSH brute force to spread further and hijack available computing resources to run crypto miners. Lately, 8220 Gang has expanded its botnet by implementing new features such as a dedicated file with hardcoded passwords for the SSH brute force, and blacklists to exclude specific hosts. They have also started using a new version of their custom cryptominer, PwnRig, based on the open-source Monero miner XMRig.

Groups like 8220 Gang are very effective as they use exploits to attack vulnerable systems to carry out their operation. This has resulted in a powerful and dangerous botnet that can be used for various malicious purposes.

Kind Regards,