Threat actors have been targeting vulnerable Redis instances since February 2022 when the Redis Lua Sandbox Escape and Remote Code Execution Vulnerability, also known as “CVE — 2022 — 0543,” was discovered. The Mushtik Gang was one of the first cyber attack groups to exploit it.