10673501259?profile=RESIZE_400xFor the past month, a crimeware (crypto-mining) group infamously known as the 8220 Gang has expanded their botnet to roughly 30,000 global hosts.  This through the use of Linux and common cloud application vulnerabilities and poorly secured configurations.  In a recent campaign, the group was observed making use of a new version of the IRC botnet, PwnRig cryptocurrency miner, and its generic infection script. 

Link to full report, with IOCs: IR-22-208-001_8220Gang.pdf

[1] https://www.sentinelone.com/blog/from-the-front-lines-8220-gang-massively-expands-cloud-botnet-to-30000-infected-hosts/

E-mail me when people leave their comments –

You need to be a member of Red Sky Alliance to add comments!

Join Red Sky Alliance


  • Check out the attached indicators of compromise (IOCs)
This reply was deleted.