The notorious 8220 Gang has been identified as a low-skill crimeware group that has been exploiting a six-year-old vulnerability in Oracle WebLogic servers in order to gain unauthorized access to sensitive data, compromise systems, and deploy a cryptocurrency miner. The attackers use port 8220 for command-and-control network communications, SSH brute force attacks, a malware downloader called PureCrypter, and a crypter codenamed ScrubCrypt to conceal the miner payload. The group has also been observed using a PowerShell payload to launch a Windows binary, which downloads a cryptocurrency miner from three C2 servers, and a legitimate Linux tool called lwp-download to save arbitrary files on the compromised host.
Source: Hackernews
To mitigate these potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA www.infrascan.net or you can try your self using check.website.