top of page
  • Writer's pictureMichael Paulyn

Breached Over 30,000 Times, This Cloud Botnet Used to Mine Crypto

Updated: Oct 29, 2023

Currently, 8220, the crypto mining group, has just expanded and infected over 30,000 infected hosts, increasing by 2,000 since 2021. This apparent growth is supposedly fuelled by using Linux and some commonly used cloud app weak points and vulnerable configurations for services such as Docker, Apache WebLogic, and Redis.

In his report, Tom Hegel from SentinelOne states, "8220 Gang is one of the many low-skill crimeware gangs we continually observe infecting cloud hosts and operating a botnet and cryptocurrency miners through known vulnerabilities and remote access brute forcing infection vectors."

Hegel shares that victims are not found based on their geographical location but on their internet vulnerabilities. Later, Hegel explains that "over the past few years, 8220 Gang has slowly evolved their simple, yet effective, Linux infection scripts to expand a botnet and illicit cryptocurrency miner."

Hungry for more? Join me each week, where I'll break down complex topics and dissect the latest news within the cybersecurity industry and blockchain ecosystem, simplifying the tech world.

4 views0 comments


bottom of page