A new Microsoft security report says the nation-state hacker group Bismuth is now deploying cryptocurrency-mining malware alongside its regular cyber-espionage toolkits.
According to the report, Bismuth's deployment of Monero coin miners in recent campaigns has given the attackers another way to monetize compromised networks. The Vietnamese government reportedly backs Bismuth.
Before turning to cryptocurrency miners, Bismuth had traditionally targeted human and civil rights organizations in and outside Vietnam using sophisticated techniques. But, as the report notes, "cryptocurrency miners are typically associated with cybercriminal operations, not sophisticated nation-state actor activity."
The point is that coin miners are not regarded as the most sophisticated type of threat and are not "among the most critical security issues that defenders address with urgency."
As the report explains, Microsoft's researchers have observed a change in Bismuth's techniques since July 2020. The report states:
“In campaigns from July to August 2020, the group deployed Monero coin miners in attacks that targeted both the private sector and government institutions in France and Vietnam.”
Though the Microsoft report acknowledges that Bismuth's use of coin miners was unexpected, it finds the strategy "consistent with the group's longtime methods of blending in."
The report added that “this pattern of blending in is particularly evident in these recent attacks, starting from the initial access stage: spear-phishing emails that were specially crafted for one specific recipient per target organization and showed signs of prior reconnaissance.”
The use of cryptocurrency miners will enable Bismuth “to hide its more nefarious activities behind threats that may be perceived to be less alarming because they’re ‘commodity’ malware.”
The report also offers what it terms "mitigation recommendations for building organizational resilience." These include educating end users about protecting personal and business information on social media, filtering unwanted communication, recognizing lures in spear-phishing emails, and reporting reconnaissance attempts and other suspicious activity.