Hacker gang ‘8220’ expands cloud botnet to more than 30,000 hosts

On Tuesday, a crypto mining gang known as the ‘8220’ Gang has been exploiting Linux and cloud app vulnerabilities to grow its botnet to more than 30,000 infected hosts.

According to Bleeping Computer, the group is a low-skilled, financially motivated actor that infects AWS, Azure, GCP, Aliyun, and QCloud hosts after targeting publicly available systems running vulnerable versions of Docker, Redis, Confluence, and Apache.

After gaining access, the attackers use SSH brute forcing to spread further and hijack available computational resources to run crypto miners that point to untraceable pools.

The gang has been active since at least 2017 and isn’t considered particularly sophisticated, but the sudden explosion in infection numbers shows how dangerous and impactful these lower-tier actors can still be when they’re devoted to their goals.

“In the latest campaign, observed and analyzed by SentinelLabs, the 8220 Gang has added new things to the script used to expand their botnet, a piece of code that is sufficiently stealthy despite lacking dedicated detection evasion mechanisms,” a source said, as per Bleeping Computer.

Starting late last month, the group began using a dedicated file for the management of the SSH brute forcing step that contains 450 hardcoded credentials corresponding to a broad range of Linux devices and apps.

 

 



