Microsoft Warns Malware That Targets Linux Just Got A Big Update


Microsoft says it has spotted “notable updates” to malware that targets Linux servers to install cryptominers.

Microsoft has called out recent work from the so-called “8220 gang”, which has recently been spotted exploiting the critical bug affecting Atlassian Confluence Server and Data Center, tracked as CVE-2022-26134.

“The group has actively updated its techniques and payloads over the last year. The most recent campaign targets i686 and x86_64 Linux systems and uses RCE exploits for CVE-2022-26134 (Confluence) and CVE-2019-2725 (WebLogic) for initial access,” Microsoft’s Security Intelligence Centre notes.


“The updates include the deployment of new versions of a cryptominer and an IRC bot, as well as the use of an exploit for a recently disclosed vulnerability,” Microsoft warned.

Atlassian disclosed the bug on June 2 and within a week, security firm Check Point discovered the 8220 gang was using the Atlassian flaw to install malware on Linux systems. The group was also targeting Windows systems, using the Atlassian flaw to inject a script into a PowerShell memory process.

CISA had already warned federal agencies to patch it by June 6 and, until then, to block all internet access to the product.

The 8220 gang has been active since 2017, according to Cisco’s Talos Intelligence group, which described it as a Chinese-speaking, Monero-mining threat actor whose C2s often communicate over port 8220, thus earning its name. At that
