CVE Database Threat Actors Research API Docs

Visit Strobes.co Sign Up for Strobes

CVE Database Threat Actors Research API Docs

Tools

Visit Strobes.co Sign Up for Strobes

Do you like the insights?

Strobes vulnerability intelligence is a key component of their Exposure Management platform that helps organizations understand, prioritize, and address security vulnerabilities more effectively.

© 2026 Strobes Security. All rights reserved.

Returned Libra - Threat Actor Profile & Exploited CVEs | Strobes VI | Strobes VI

Home Threat ActorsReturned Libra

Returned Libra

Also known as: 8220 Mining Group

0

Exploited CVEs

Overview

Returned Libra, also known as 8220 Mining Group, is a cloud threat actor group that has been active since at least 2017. Tools commonly employed during their operations are PwnRig or DBUsed which are customized variants of the XMRig Monero mining software. The Returned Libra mining group is believed to have originated from a GitHub fork of the Rocke group's software. Returned Libra has elevated its mining operations with the use of cloud service platform credential scrapping.

Exploited Vulnerabilities

No exploited CVEs have been attributed to this threat actor yet.

Browse CVE Database

Quick Actions

Search related CVEs Browse all threat actors