"'8220' Malware Gang to Compromise Linux Systems and Install Cryptomining Malware"

Microsoft has reported notable updates to malware designed to install cryptomining payloads on Linux servers, citing recent activity by the "8220" group, which was also spotted exploiting the critical vulnerability in Atlassian Confluence Server and Data Center. Over the last year, the group has actively updated its techniques and payloads. The most recent campaign targets i686 and x86_64 Linux systems, gaining initial access through remote code execution (RCE) exploits for CVE-2022-26134 (Confluence) and CVE-2019-2725 (Oracle WebLogic). The updates include new versions of a cryptominer and an IRC bot, as well as an exploit for a recently disclosed vulnerability. According to Cisco Talos, the 8220 gang has been active since 2017; it is a Chinese-speaking, Monero-mining threat actor whose command-and-control (C2) servers frequently communicate over port 8220, and it has previously targeted vulnerabilities in Apache Struts2 and Docker images to compromise enterprise servers. This article continues to discuss the recent updates made to the 8220 malware.

ZDNet reports "'8220' Malware Gang to Compromise Linux Systems and Install Cryptomining Malware"