SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australia
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image
#
Cloud Services
#
Cybersecurity
#
Malware
China-based threat group targeting public cloud - Radware
Fri, 20th Jan 2023
FYI, this story is more than a year old
Author image
By Zach Thompson, News Editor
Follow us

Radware has issued a threat advisory about a for-profit threat group from China known as the 8220 Gang, who has emerged in the New Year targeting public cloud environments.

Also known as 8220 Mining Group, the gang carries out its attacks using a custom-built crypto miner and IRC bot, also targeting poorly secured applications.

The 8220 Gang uses various strategies to hide their activities and evade being detected.

However, the group’s skills are not perfect, and Radware caught it attempting to infect one of its Redis honeypots.

The 2022 Radware Threat Report notes that Redis was the fourth most scanned and exploited TCP port in Radware’s Global Deception Network last year, up from the 10th position in 2021.

“The threat to cloud environments and insecure applications continues to pose risks to organisations around the world, especially those that use weak credentials or do not patch vulnerabilities immediately,” says Daniel Smith, Cyber Threat Intelligence Research Head, Radware. 

“Because of poor security hygiene, low-skilled groups like the 8220 Gang are able to cause a significant impact to targeted systems.”

Radware notes this is not the first time malicious gangs have exploited Redis, with the in-memory data structure store becoming a hot topic in the criminal community in 2022.

Radware notes it is one of the services that should be looked after and only exposed to the internet if absolutely necessary.

The 8220 Gang’s main objective is to compromise poorly secured cloud servers with a custom-built crypto miner and a Tsunami IRC bot, leaving companies to deal with the fallout.

The main concern with crypto mining malware is that it can severely impact system performance.

Further, it can expose systems to more security risks and once infected, threat actors are able to use that same access to install other types of malware.

This includes keyloggers and remote access tools, which the threat actors can then use to steal sensitive information, gain unauthorised access to sensitive data, or deploy ransomware and wipers.

The 8220 Gang uses the Tsunami bot as a backdoor, allowing the threat actors to control systems remotely and launch distributed denial-of-service (DDoS) attacks.

Radware notes that because many organisations have limited visibility, it is more difficult for security and network operators to detect and respond to security threats.

Additionally, public cloud providers offer limited security controls, making it easier for threat actors to find and exploit vulnerabilities.

Radware’s threat advisory about the 8220 Gang comes after the cyber security and application delivery solutions firm released its First Half 2022 Global Threat Analysis Report, finding a significant increase in DDoS activity across the globe in the first six months of the year.

Attacks ranged from cases of hacktivism to terabit attacks in Asia and the United States.

Related stories
Illumio unveils AI enhancements for faster Zero Trust Segmentation adoption
RiverSafe teams up with Cribl to boost IT & data security services
Business leaders anxious over data security – report
Half of online traffic in 2024 generated by bots, report finds
Axis unveils hybrid cloud platform for adaptable security solutions
Top stories
Fortinet recognised as Challenger in Gartner's 2024 Magic Quadrant for SSE
Coalition integrates cyber risk platform with top cloud services providers
Secolve & Asimily join forces to boost Australia's IoT security
Armis warns of major cyber-attack risk to 2024 global elections
i-PRO to support Genetec SaaS with new AI-enabled camera models