The 8220 Cryptomining Gang massively expands Cloud Botnets

Threat Advisories

The 8220 Cryptomining Gang massively expands Cloud Botnets

Threat Level
Actor Report

For a detailed advisory, download the pdf file here

Summary

The 8220 gang has significantly expanded their cloud bot armies around the world, targeting AWS, Azure, GCP, Alitun, and QCloud cloud service hosts. The group is being detected using a new version of the IRC botnet, the PwnRig cryptocurrency miner, and its standard infection script