
Water Sigbin

aka: 8220 Gang

The 8220 Gang, also known as Water Sigbin, is a threat actor group that focuses on deploying cryptocurrency-mining malware. They exploit vulnerabilities in Oracle WebLogic servers, such as CVE-2017-3506 and CVE-2023-21839, to deliver cryptocurrency miners using PowerShell scripts. The group has demonstrated a sophisticated multistage loading technique to deploy the PureCrypter loader and XMRig crypto miner. They are known for using obfuscation techniques, such as hexadecimal encoding and code obfuscation, to evade detection and compromise systems.


Associated Families

There are currently no families associated with this actor.


References
2024-06-28 - Trend Micro - Ahmed Mohamed Ibrahim, Shubham Singh, Sunil Bharti
Examining Water Sigbin's Infection Routine Leading to an XMRig Cryptominer
Water Sigbin
2024-05-30 - Trend Micro - Sunil Bharti
Decoding Water Sigbin's Latest Obfuscation Tricks
Water Sigbin
2024-02-22 - Uptycs - Uptycs Threat Research
8220 Gang Cryptomining Campaign Targets Linux & Windows Platforms
Water Sigbin
2023-12-14 - Imperva - Daniel Johnston
Imperva Detects Undocumented 8220 Gang Activities
Water Sigbin
2023-05-16 - Trend Micro - Sunil Bharti
8220 Gang Evolves With New Strategies
Water Sigbin
2023-04-17 - AhnLab - ASEC
8220 Gang Uses Log4Shell Vulnerability to Install CoinMiner
Water Sigbin
2022-07-18 - SentinelOne - Tom Hegel
From the Front Lines | 8220 Gang Massively Expands Cloud Botnet to 30,000 Infected Hosts
Water Sigbin
2022-07-07 - Aqua - Nitzan Yaakov
8220 Gang Deploys a New Campaign with Upgraded Techniques
Tsunami, Water Sigbin

Credits: MISP Project