8220 gang exploits old Oracle WebLogic vulnerability to deliver infostealers, cryptominers

siteadmin December 20, 2023

The 8220 gang has been discovered exploiting a vulnerability in Oracle WebLogic Server (CVE-2020-14883) to spread malware, according to Imperva Threat Research. Active since 2017, the group typically deploys cryptocurrency miners on Linux and Windows hosts by exploiting known weaknesses. Recently, they have been targeting healthcare, telecommunications and financial services in the US, South Africa, Spain, Colombia, and Mexico.