Skip to Content

8220 gang

Updated on 2022-10-17

SentinelOne said last week that 8220 Gang, an infamous cybercrime group that is known for targeting cloud-based infrastructure for cryptomining attacks, has updated its infrastructure and attack methods and is now targeting misconfigured versions of Docker, Apache, and WebLogic servers. In a previous report in July, SentinelOne said the gang infected more than 30,000 cloud servers by exploiting known vulnerabilities and via brute-force attacks. Read more:


Microsoft has a Twitter thread on the recent activities of the 8220 Gang, a cryptocurrency-mining group active since early 2021. Microsoft says the group has been recently seen exploiting vulnerabilities like CVE-2022-26134 (Confluence) and CVE-2019-2725 (WebLogic) for initial access against Linux systems, confirming similar observations from Check Point earlier this month.

    Ads Blocker Image Powered by Code Help Pro

    It looks like you are using an adblocker.

    Ads keep our content free. Please consider supporting us by allowing ads on