CyberSecurityBoard
Sponsor Register Login

8220 Hacker Group Added Hadooken & K4Spreader Tools To Their Arsenal

The 8220 hacker group is known for targeting both Windows and Linux web servers by deploying “crypto-jacking” malware to exploit vulnerabilities. The Linux infection utilized scripts named “c” and “y” to deploy the Hadooken malware, disable cloud protection tools, and attempt lateral movement through SSH brute-force attacks. On September 17, 2024, Sekoia’s Threat Detection & Research team identified a sophisticated cyber attack targeting both Windows and Linux systems through an Oracle WebLogic honeypot. This attack shared numerous similarities with a case reported by AquaSec on September 12, 2024, which includes the “common TTPs” and “IoCs,” strongly suggesting the involvement of the 8220 Gang. 8220 hacker group is a Chinese threat actor known since 2018 for targeting cloud environments to deploy cryptomining malware. Both target “WebLogic servers” using similar scripts (“c” and “y”) and the “lwp-download binary” for initial access. While the analysis suggests ‘Hadooken’ and ‘K4Spreader’ are distinct but related to “Go-based” malware. The “PwnRig” payload uses identical hashes, proxies (run.on-demand[.]pw), and Monero wallet across cases. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news. Get Latest Hacker News & Cyber Security Newsletters update Daily.

This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 01 Oct 2024 15:00:21 +0000


Cyber News related to 8220 Hacker Group Added Hadooken & K4Spreader Tools To Their Arsenal

8220 Hacker Group Added Hadooken & K4Spreader Tools To Their Arsenal - The 8220 hacker group is known for targeting both Windows and Linux web servers by deploying “crypto-jacking” malware to exploit vulnerabilities. The Linux infection utilized scripts named “c” and “y” to deploy the ...
8 months ago Cybersecuritynews.com
Key Group uses leaked builders of ransomware and wipers | Securelist - The first discovered sample of Key Group, the Xorist ransomware, established persistence in the system by changing file extension associations. The .huis_bn extension added to encrypted files in the early versions of Key Group samples, Xorist and ...
8 months ago Securelist.com
CVE-2021-36845 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in YITH Maintenance Mode (WordPress plugin) versions < 1.3.8, there are 46 vulnerable parameters that were missed by the vendor while patching the 1.3.7 version to 1.3.8. ...
3 years ago
New Sophisticated Linux Malware Exploiting Apache2 Web Servers - Throughout the campaign, the attackers demonstrated advanced knowledge of Linux systems by continuously adapting their malware and tactics to avoid detection while maximizing system resource exploitation for “cryptocurrency mining” and ...
8 months ago Cybersecuritynews.com
How To Collect Malware Indicators Of Compromise In The ANY.RUN Sandbox - The sandbox captures various types of IOCs like “network communications,” “file system changes,” “registry modifications,” and “process behaviors,” enabling thorough threat assessment. The ANY.RUN ...
8 months ago Cybersecuritynews.com
Hackers Exploiting Docker Swarm, Kubernetes & SSH Servers In Large Scale - The primary goal was “cryptojacking,” using the XMRig miner to mine “Monero cryptocurrency.” The attackers showed advanced tactics by manipulating “Docker Swarm,” to create a botnet-like network of compromised ...
8 months ago Cybersecuritynews.com TeamTNT
8 Tips on Leveraging AI Tools Without Compromising Security - Forecasts like the Nielsen Norman Group estimating that AI tools may improve an employee's productivity by 66% have companies everywhere wanting to leverage these tools immediately. How can companies employ these powerful AI/ML tools without ...
1 year ago Darkreading.com
Imperva Detects Undocumented 8220 Gang Activities - Imperva Threat Research has detected previously undocumented activity from the 8220 gang, which is known for the mass deployment of malware using a variety of continuously evolving TTPs. This threat actor has been known to target both Windows and ...
1 year ago Imperva.com CVE-2017-3506 CVE-2021-44228 CVE-2020-14883 CVE-2020-14882
Hackers Exploiting Critical SolarWinds Serv-U Vulnerability In The Wild - The attacks evolved from simple vulnerability scans to intense exploitation attempts, with peaks of new payload types observed on specific dates (“July 7” and “July 29”). attempts emerged and target sensitive files like ...
8 months ago Cybersecuritynews.com
New Variant Of XWorm Delivered Via Windows Script File - It executes a wide range of commands like “system manipulation” (‘shutdown,’ ‘restart,’ ‘logoff’), “file operations,” and “remote code execution” via PowerShell. This diverse ...
8 months ago Cybersecuritynews.com
DOGE to Fired CISA Staff: Email Us Your Personal Data – Krebs on Security - On Monday, The New York Times reported that U.S. Secret Service agents at the White House were briefly on alert last month when a trusted captain of Elon Musk’s “Department of Government Efficiency” (DOGE) visited the roof of the ...
2 months ago Krebsonsecurity.com
Hacker Conversations: Chris Evans, Hacker and CISO - Chris Evans is CISO and chief hacking officer at HackerOne. SecurityWeek's Hacker Conversations series seeks to understand the mind and motivations of hackers by talking to hackers. Evans challenges the common perception of both hackers and their ...
11 months ago Securityweek.com Silence
Trump Revenge Tour Targets Cyber Leaders, Elections – Krebs on Security - Incredibly, the president’s memo seeking to ostracize Krebs stands reality on its head, accusing Krebs of promoting the censorship of election information, “including known risks associated with certain voting practices.” Trump also ...
2 months ago Krebsonsecurity.com Hunters
Hackers Revealed the Exploit Method Used to Hack 4chan Messageboard - “The hack was likely caused by 4chan using an extremely out-of-date version of PHP that has a lot of vulnerabilities and exploits and is using deprecated functions to interact with [their] MySQL database,” reported security researcher ...
2 months ago Cybersecuritynews.com
China-aligned CeranaKeeper Makes A Beeline For Thailand - The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication ...
8 months ago Informationsecuritybuzz.com Mustang Panda
SIEM agent being used in SilentCryptoMiner attacks | Securelist - The most interesting action in this attack was the implementation of unusual techniques like using an SIEM agent as backdoor, adding the malicious payload to a legitimate digital signature, and hiding directories containing malicious files. The ...
8 months ago Securelist.com
Chinese eCrime Hacker Group Attacking Users in 120+ Coutries to Steal Banking Credentials - The kit’s session management capabilities track victim progress through the phishing flow, with Chinese-language status messages in the JavaScript indicating: “当前正在首页” (Currently on the home page), ...
2 months ago Cybersecuritynews.com
New Mamona Ransomware Attack Windows Machines by Abusing Ping Commands - Cyber Security News - A new ransomware strain dubbed “Mamona” that operates entirely offline and leverages a clever attack strategy that abuses the Windows ping command. Encrypted files receive the “.HAes” extension (e.g., ...
1 month ago Cybersecuritynews.com Dragonforce
How To Implementing MITRE ATT&CK In SOC Workflows - A Step-by-Step Guide - By understanding the framework, mapping your current capabilities, developing targeted detection and response strategies, and integrating ATT&CK into your tools and processes, you can build a proactive, threat-informed defense that evolves ...
1 month ago Cybersecuritynews.com
WinRAR 7.10 Released For 500 Million Users - What's New - Critical fixes target semi-solid archive corruption during updates, a memory allocation error in “-m1” compression mode, and context menu rendering glitches on high-DPI displays. The latest version of the widely-used file compression ...
3 months ago Cybersecuritynews.com
The Dangers of Remote Management & Monitoring Tools for Cybersecurity - Remote monitoring and management (RMM) tools are used by business organizations to manage and monitor their enterprise IT infrastructure from a central location. However, the increasing sophistication of hackers and cybercriminals has caused both ...
2 years ago Csoonline.com
How Each Pillar of the 1st Amendment is Under Attack – Krebs on Security - In an address to Congress this month, President Trump claimed he had “brought free speech back to America.” But barely two months into his second term, the president has waged an unprecedented attack on the First Amendment rights of ...
2 months ago Krebsonsecurity.com
Lazarus Hackers Exploiting IIS Servers to Deploy ASP-based Web Shells - Unlike previous iterations that used the password “1234qwer,” the latest variant employs “2345rdx” as its authentication mechanism, indicating an evolution in their operational security measures. The continued evolution of ...
3 months ago Cybersecuritynews.com Lazarus Group

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)