For the past month, a crimeware (crypto-mining) group infamously known as the 8220 Gang has expanded their botnet to roughly 30,000 global hosts. This through the use of Linux and common cloud application vulnerabilities and poorly secured configurations. In a recent campaign, the group was observed making use of a new version of the IRC botnet, PwnRig cryptocurrency miner, and its generic infection script.
Link to full report, with IOCs: IR-22-208-001_8220Gang.pdf
