port 8220 - X-Industry - Red Sky Alliance
2024-03-29T11:26:21Z
https://redskyalliance.org/xindustry/feed/tag/port+8220

8220 Gang
https://redskyalliance.org/xindustry/8220-gang
2022-07-27T12:36:46.000Z
Bill Schenkelberg
https://redskyalliance.org/members/BillSchenkelberg
<div><p>For the past month, a crimeware (crypto-mining) group known as the 8220 Gang has expanded its botnet to roughly 30,000 hosts worldwide. It has done so by exploiting Linux and common cloud application vulnerabilities and poorly secured configurations. In a recent campaign, the group was observed using a new version of the IRC botnet, the PwnRig cryptocurrency miner, and its generic infection script.</p>
<p>Link to full report, with IOCs: <a href="{{#staticFileLink}}10673500879,original{{/staticFileLink}}">IR-22-208-001_8220Gang.pdf</a> </p>
<p><a href="#_ftnref1"><span style="font-size:10pt;">[1]</span></a><span style="font-size:10pt;"> <a href="https://www.sentinelone.com/blog/from-the-front-lines-8220-gang-massively-expands-cloud-botnet-to-30000-infected-hosts/">https://www.sentinelone.com/blog/from-the-front-lines-8220-gang-massively-expands-cloud-botnet-to-30000-infected-hosts/</a></span></p></div>