8220 Hacker Group Added Hadooken & K4Spreader Tools To Their Arsenal

The 8220 hacker group is known for targeting both Windows and Linux web servers by deploying “crypto-jacking” malware to exploit vulnerabilities. The Linux infection utilized scripts named “c” and “y” to deploy the Hadooken malware, disable cloud protection tools, and attempt lateral movement through SSH brute-force attacks. On September 17, 2024, Sekoia’s Threat Detection & Research team identified a sophisticated cyber attack targeting both Windows and Linux systems through an Oracle WebLogic honeypot. This attack shared numerous similarities with a case reported by AquaSec on September 12, 2024, which includes the “common TTPs” and “IoCs,” strongly suggesting the involvement of the 8220 Gang. 8220 hacker group is a Chinese threat actor known since 2018 for targeting cloud environments to deploy cryptomining malware. Both target “WebLogic servers” using similar scripts (“c” and “y”) and the “lwp-download binary” for initial access. While the analysis suggests ‘Hadooken’ and ‘K4Spreader’ are distinct but related to “Go-based” malware. The “PwnRig” payload uses identical hashes, proxies (run.on-demand[.]pw), and Monero wallet across cases. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news. Get Latest Hacker News & Cyber Security Newsletters update Daily.

This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 01 Oct 2024 15:00:21 +0000


Cyber News related to 8220 Hacker Group Added Hadooken & K4Spreader Tools To Their Arsenal

8220 Hacker Group Added Hadooken & K4Spreader Tools To Their Arsenal - The 8220 hacker group is known for targeting both Windows and Linux web servers by deploying “crypto-jacking” malware to exploit vulnerabilities. The Linux infection utilized scripts named “c” and “y” to deploy the ...
2 months ago Cybersecuritynews.com
New Sophisticated Linux Malware Exploiting Apache2 Web Servers - Throughout the campaign, the attackers demonstrated advanced knowledge of Linux systems by continuously adapting their malware and tactics to avoid detection while maximizing system resource exploitation for “cryptocurrency mining” and ...
2 months ago Cybersecuritynews.com
How To Collect Malware Indicators Of Compromise In The ANY.RUN Sandbox - The sandbox captures various types of IOCs like “network communications,” “file system changes,” “registry modifications,” and “process behaviors,” enabling thorough threat assessment. The ANY.RUN ...
2 months ago Cybersecuritynews.com
Hackers Exploiting Docker Swarm, Kubernetes & SSH Servers In Large Scale - The primary goal was “cryptojacking,” using the XMRig miner to mine “Monero cryptocurrency.” The attackers showed advanced tactics by manipulating “Docker Swarm,” to create a botnet-like network of compromised ...
2 months ago Cybersecuritynews.com
New Variant Of XWorm Delivered Via Windows Script File - It executes a wide range of commands like “system manipulation” (‘shutdown,’ ‘restart,’ ‘logoff’), “file operations,” and “remote code execution” via PowerShell. This diverse ...
2 months ago Cybersecuritynews.com
Hackers Exploiting Critical SolarWinds Serv-U Vulnerability In The Wild - The attacks evolved from simple vulnerability scans to intense exploitation attempts, with peaks of new payload types observed on specific dates (“July 7” and “July 29”). attempts emerged and target sensitive files like ...
2 months ago Cybersecuritynews.com
Key Group uses leaked builders of ransomware and wipers | Securelist - The first discovered sample of Key Group, the Xorist ransomware, established persistence in the system by changing file extension associations. The .huis_bn extension added to encrypted files in the early versions of Key Group samples, Xorist and ...
2 months ago Securelist.com
Imperva Detects Undocumented 8220 Gang Activities - Imperva Threat Research has detected previously undocumented activity from the 8220 gang, which is known for the mass deployment of malware using a variety of continuously evolving TTPs. This threat actor has been known to target both Windows and ...
1 year ago Imperva.com
CVE-2021-36845 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in YITH Maintenance Mode (WordPress plugin) versions < 1.3.8, there are 46 vulnerable parameters that were missed by the vendor while patching the 1.3.7 version to 1.3.8. ...
3 years ago
SIEM agent being used in SilentCryptoMiner attacks | Securelist - The most interesting action in this attack was the implementation of unusual techniques like using an SIEM agent as backdoor, adding the malicious payload to a legitimate digital signature, and hiding directories containing malicious files. The ...
2 months ago Securelist.com
Crooked Cops, Stolen Laptops & the Ghost of UGNazi – Krebs on Security - Earlier this year, an Internet sleuth on Youtube showed that even though Zelocchi’s IMDB profile has him earning more awards than most other actors on the platform (here he is holding a Youtube top viewership award), Zelocchi is probably better ...
2 months ago Krebsonsecurity.com
8 Tips on Leveraging AI Tools Without Compromising Security - Forecasts like the Nielsen Norman Group estimating that AI tools may improve an employee's productivity by 66% have companies everywhere wanting to leverage these tools immediately. How can companies employ these powerful AI/ML tools without ...
1 year ago Darkreading.com
Securities and Exchange Commission Cyber Disclosure Rules: How to Prepare for December Deadlines - Starting Dec. 18, publicly traded companies will need to report material cyber threats to the SEC. Deloitte offers business leaders tips on how to prepare for these new SEC rules. The U.S. Securities and Exchange Commission’s new rules around ...
1 year ago Techrepublic.com
A Single Cloud Compromise Can Feed an Army of AI Sex Bots – Krebs on Security - “Once initial access was obtained, they exfiltrated cloud credentials and gained access to the cloud environment, where they attempted to access local LLM models hosted by cloud providers: in this instance, a local Claude (v2/v3) LLM model from ...
2 months ago Krebsonsecurity.com
Book Review: "Premier CISO - Board & C-Suite" By Michael S. Oberlaender - Home - Future, Trends and Insight - Book Review - Book Review: “Premier CISO – Board & C-Suite” by Michael S. Overall, “Premier CISO – Board & C-Suite” is a valuable resource for cybersecurity professionals ...
2 months ago Informationsecuritybuzz.com
Hackers Turned Visual Studio Code As A Remote Access Tool - After successfully intercepting the exfiltrated data the threat actors exploit unauthorized access through GitHub’s authentication system by navigating to “hxxps://github[.]com/login/device” and utilizing stolen alphanumeric ...
2 months ago Cybersecuritynews.com
California Governor Vetoes AI Safety Bill | Silicon UK Tech News - US tech companies and researchers voiced similar concerns over the California bill, with Li Feifei, known as the “godmother of AI” and co-founder of AI start-up World Labs, saying in an August opinion piece that the bill would “harm ...
2 months ago Silicon.co.uk
China-aligned CeranaKeeper Makes A Beeline For Thailand - The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication ...
2 months ago Informationsecuritybuzz.com
Hacker Conversations: Chris Evans, Hacker and CISO - Chris Evans is CISO and chief hacking officer at HackerOne. SecurityWeek's Hacker Conversations series seeks to understand the mind and motivations of hackers by talking to hackers. Evans challenges the common perception of both hackers and their ...
5 months ago Securityweek.com
Imperva Report Previously Undocumented 8220 Gang Activities - Imperva Threat Research team has recently discovered a previously unreported activity from the 8220 gang, which is well-known for mass-deploying a range of constantly evolving TTPs to distribute malware in large quantities. The threat actor has a ...
1 year ago Cysecurity.news
ISB Cybersecurity Awareness Month: Expert Tips - Information Security Buzz spoke with several security experts and asked them, “What’s the one piece of advice that could make a difference?” Their responses highlight that cybersecurity is not one-size-fits-all—each organization must tailor ...
2 months ago Informationsecuritybuzz.com
The Dangers of Remote Management & Monitoring Tools for Cybersecurity - Remote monitoring and management (RMM) tools are used by business organizations to manage and monitor their enterprise IT infrastructure from a central location. However, the increasing sophistication of hackers and cybercriminals has caused both ...
1 year ago Csoonline.com
7 Best Vulnerability Scanning Tools & Software - Vulnerability scanning tools scan assets to identify missing patches, misconfigurations, exposed application vulnerabilities, and other security issues to be remediated. To help you select the best fitting vulnerability scanning solution, we've ...
11 months ago Esecurityplanet.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)