Scoop has an Ethical Paywall
License needed for work use Register

Video | Agriculture | Confidence | Economy | Energy | Employment | Finance | Media | Property | RBNZ | Science | SOEs | Tax | Technology | Telecoms | Tourism | Transport | Search


Chinese 8220 Gang Targets Public Clouds And Vulnerable Applications

Today, Radware issued a threat advisory about a for-profit threat group from China called the 8220 Gang. The gang, also known as 8220 Mining Group, has rolled into the New Year targeting public cloud environments and poorly secured applications, using a custom-built crypto miner and IRC bot.

The 8220 Gang is known to use a variety of tactics and techniques to hide their activities and evade detection. But it is not perfect and was caught attempting to infect one of Radware's Redis honeypots.

Big picture
According to the 2022 Radware Threat Report, Redis was the fourth most scanned and exploited TCP port in Radware's Global Deception Network in 2022, up from the 10th position in 2021.

According to Daniel Smith, head of research of cyber threat intelligence at Radware, "The threat to cloud environments and insecure applications continues to pose risks to organizations around the world, especially those that use weak credentials or do not patch vulnerabilities immediately. Because of poor security hygiene, low-skilled groups like the 8220 Gang are able to cause a significant impact to targeted systems."

Why it matters

* It is not the first time Redis is subject to exploit activity by malicious gangs. Redis gained a lot of popularity among the criminal community in 2022 and is one of the services that should be looked after and not be exposed to the internet if not required.
* The main objective of the 8220 Gang is to compromise poorly secured cloud servers with a custom-built crypto miner and a Tsunami IRC bot, leaving companies to deal with the fallout:
* The main concern with crypto mining malware is that it can significantly impact a system's performance. But it can also expose systems to additional security risks. Once infected, threat actors can use the same access to install other types of malware, such as keyloggers or remote access tools, which can subsequently be leveraged to steal sensitive information, gain unauthorized access to sensitive data, or deploy ransomware and wipers.
* The Tsunami IRC is a bot used as backdoor, allowing the threat actors to remotely control systems and launch distributed denial-of-service (DDoS) attacks.
* Many organizations have limited visibility, making it more difficult for security and network operations to detect and respond to security threats.
* Public cloud providers offer limited security controls, making it easier for threat actors to find and exploit vulnerabilities.
What's next?
For more details, please see Radware's threat advisory<>.

Advertisement - scroll to continue reading

Are you getting our free newsletter?

Subscribe to Scoop’s 'The Catch Up' our free weekly newsletter sent to your inbox every Monday with stories from across our network.

© Scoop Media

Advertisement - scroll to continue reading
Business Headlines | Sci-Tech Headlines

FMA: MAS To Pay $2.1M Penalty For Making False Representations

Following proceedings brought by the FMA, MAS has been ordered to pay a $2.1M penalty for making false and/or misleading representations to some customers. MAS admitted failing to correctly apply multi-policy discounts and no claims bonus discounts to some customers, failing to correctly apply inflation adjustments on some customer policies, and miscalculating benefit payments.More

IAG: Call On New Government To Prioritise Flood Resilience

The economic toll of our summer of storms continues to mount, with insurance payouts now topping $1B, second only to the Christchurch earthquakes. AMI, State, & NZI have released the latest Wild Weather Tracker, which reveals 51,000 claims for the North Island floods & Cyclone Gabrielle, of which 99% (motor), 97% (contents), and 93% (home) of claims have now been settled. More


Join Our Free Newsletter

Subscribe to Scoop’s 'The Catch Up' our free weekly newsletter sent to your inbox every Monday with stories from across our network.