Hyland 160x1200

Hyland 160x1200

Hyland 705x108
Friday, 20 January 2023 09:11

Chinese 8220 Gang targets public clouds and vulnerable applications

By Radware
Chinese 8220 Gang targets public clouds and vulnerable applications

GUEST RESEARCH: Today, Radware issued a threat advisory about a for-profit threat group from China called the 8220 Gang. The gang, also known as 8220 Mining Group, has rolled into the New Year targeting public cloud environments and poorly secured applications, using a custom-built crypto miner and IRC bot.

The 8220 Gang is known to use a variety of tactics and techniques to hide their activities and evade detection. But it is not perfect and was caught attempting to infect one of Radware's Redis honeypots.

Big picture

According to the 2022 Radware Threat Report, Redis was the fourth most scanned and exploited TCP port in Radware's Global Deception Network in 2022, up from the tenth position in 2021.

According to Radware head of research of cyber threat intelligence Daniel Smith, "The threat to cloud environments and insecure applications continues to pose risks to organisations around the world, especially those that use weak credentials or do not patch vulnerabilities immediately. Because of poor security hygiene, low-skilled groups like the 8220 Gang are able to cause a significant impact to targeted systems."

Why it matters

• It is not the first time Redis is subject to exploit activity by malicious gangs. Redis gained a lot of popularity among the criminal community in 2022 and is one of the services that should be looked after and not be exposed to the internet if not required.

• The main objective of the 8220 Gang is to compromise poorly secured cloud servers with a custom-built crypto miner and a Tsunami IRC bot, leaving companies to deal with the fallout:

• The main concern with crypto mining malware is that it can significantly impact a system's performance. But it can also expose systems to additional security risks. Once infected, threat actors can use the same access to install other types of malware, such as keyloggers or remote access tools, which can subsequently be leveraged to steal sensitive information, gain unauthorised access to sensitive data, or deploy ransomware and wipers.

• The Tsunami IRC is a bot used as backdoor, allowing the threat actors to remotely control systems and launch distributed denial-of-service (DDoS) attacks.

• Many organisations have limited visibility, making it more difficult for security and network operations to detect and respond to security threats.

• Public cloud providers offer limited security controls, making it easier for threat actors to find and exploit vulnerabilities.

What's next?

For more details, please see Radware's threat advisory.

Read 1173 times

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here
BACK TO LATEST NEWS here




ENABLE HYBRID CLOUD & REDUCE NETWORK LATENCY WHITEPAPER

Hybrid cloud promises to bring together the best of both worlds enabling businesses to combine the scalability and cost-effectiveness of the cloud with the performance and control that you can get from your on-premise infrastructure.

Reducing WAN latency is one of the biggest issues with hybrid cloud performance. Taking advantage of compression and data deduplication can reduce your network latency.

Research firm, Markets and Markets, predicted that the hybrid cloud market size is expected to grow from US$38.27 billion in 2017 to US$97.64 billion by 2023.

Colocation facilities provide many of the benefits of having your servers in the cloud while still maintaining physical control of your systems.

Cloud adjacency provided by colocation facilities can enable you to leverage their low latency high bandwidth connections to the cloud as well as providing a solid connection back to your on-premises corporate network.

Download this white paper to find out what you need to know about enabling the hybrid cloud in your organisation.

DOWNLOAD NOW!

PROMOTE YOUR WEBINAR ON ITWIRE

It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://itwire.com/itwire-update.html and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV https://www.youtube.com/c/iTWireTV/videos which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.

MORE INFO HERE!

BACK TO HOME PAGE
Published in Guest Research
Tagged under

Related items

More in this category: « Nozomi Networks Labs report finds ruin vs. ransom dominates 2022 threat landscape Spammers phish eager vacationers with travel-themed lures, Bitdefender Antispam Lab warns »
Share News tips for the iTWire Journalists? Your tip will be anonymous
back to top

WEBINARS ONLINE & ON-DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments