A new security report from Microsoft says nation-state hacker group Bismuth is now distributing cryptocurrency mining malware alongside its regular cyber-spying toolkits. According to the report, miners’ deployment of Bismuth of Monero coins in recent campaigns provided attackers with another way to monetize compromised networks. Bismuth is reportedly supported by the Vietnamese government.
Before targeting cryptocurrency miners, Bismuth had traditionally targeted human and civil rights organizations both inside and outside Vietnam using sophisticated techniques. However, according to a Microsoft security report, since “cryptocurrency miners are typically associated with the operations of cybercriminals, not the sophisticated activities of national state actors.”
This means that crypto miners are not seen as the most sophisticated type of threats and therefore are not “among the most critical security issues that defenders urgently address.”
However, as the report explains, investigators began observing a change in Bismuth’s tactics in July 2020. The report says:
In campaigns from July to August 2020, the group deployed Monero coin miners in attacks that targeted both the private sector and government institutions in France and Vietnam.
Although Microsoft’s security report acknowledges that Bismuth’s use of coin miners was unexpected, the strategy remains “consistent with the group’s longstanding merger methods.”
The report adds that “this blending pattern is particularly evident in these recent attacks, starting with the initial login phase: spear-phishing emails created specifically for a specific recipient per target organization and showing signs of previous reconnaissance.” .
Furthermore, the use of cryptocurrency miners allows Bismuth “to hide its most nefarious activities behind threats that can be perceived as less alarming because they are” commodity “malware.”
Meanwhile, the same report offers what it calls “mitigation recommendations for building organizational resilience.” Part of the recommendations include educating end users about protecting personal and business information on social media.
The report also encourages users to filter out unsolicited communications, identify bait in spear phishing emails, and report reconnaissance attempts and other suspicious activity.
Do you agree with the report’s assessment that cryptocurrency miners are associated with the operations of cybercriminals? Share your views in the comments section below.
Image credits: Shutterstock, Pixabay, Wiki Commons