8220 Gang of Cryptojackers Exploit Log4Shell to Mint Coins

24 April 2023
Researchers found the 8220 Gang exploiting the Log4Shell vulnerability to install CoinMiner on VMware Horizon servers of Korean energy-related companies. The gang uses a PowerShell script to download ScrubCrypt and establish persistence by editing registry entries. System administrators are advised to verify whether their existing VMware servers are susceptible and to apply the latest patches.