Returned Libra

aka: 8220 Mining Group

Returned Libra, also known as 8220 Mining Group, is a cloud threat actor group that has been active since at least 2017. Tools commonly employed during their operations are PwnRig or DBUsed, which are customized variants of the XMRig Monero mining software. The Returned Libra mining group is believed to have originated from a GitHub fork of the Rocke group's software. Returned Libra has elevated its mining operations with the use of cloud service platform credential scraping.

Associated Families

There are currently no families associated with this actor.

2022-07-18, Palo Alto Networks Unit 42, Unit 42: Returned Libra

Credits: MISP Project