| SYMBOL | COMMON_NAME | aka. SYNONYMS |
Returned Libra, also known as 8220 Mining Group, is a cloud threat actor group that has been active since at least 2017. Tools commonly employed during their operations are PwnRig or DBUsed which are customized variants of the XMRig Monero mining software. The Returned Libra mining group is believed to have originated from a GitHub fork of the Rocke group's software. Returned Libra has elevated its mining operations with the use of cloud service platform credential scrapping.
There are currently no families associated with this actor.
| 2022-07-18
⋅
Palo Alto Networks Unit 42
⋅
Returned Libra Returned Libra |