Widely attributedUnknown

8220 Gang

Financially motivated Chinese-speaking threat group focused on cryptomining, conducting mass exploitation of vulnerable cloud services and web servers. Named after the port used for C2 communications.

Compare attribution across sources →

Attribution signal

?Score = mentions × confidence weight, summed across all attributed sources. Higher source diversity increases the score.≥ 10 High≥ 3 Moderate< 3 Low

0.8

Low signal strength

Mentions1

Sources1

High conf.1

Last seenMay 2026

First observed

—

Last active

—

Origin

China

Aliases

Techniques

Campaigns

China

TargetsCloudTechnology

RegionsGlobal

Attribution signals

1 mention · 1 source

#1发现是high

Infrastructure

secpulse

May 2026

"搜索恶意域名，发现是8220挖矿组织"

Hedge terms observed

发现是