Microsoft highlights how Vietnamese hackers used crypto-mining software to fly under the radar

Microsoft logo (Image credit: Daniel Rubino / Windows Central)

What you need to know

  • Microsoft highlighted how Vietnamese government-backed hackers used cryptocurrency-mining to go undetected.
  • A Microsoft report states that state-backed hacking groups are trying out more traditional cybercrime.
  • A group known as BISMUTH utilized coin miners as part of an attack.

Microsoft on Monday highlighted a growing trend of state-sponsored hackers disguising themselves as financially motivated criminals rather than espionage actors. The company illustrated this with a report on the Vietnamese group BISMUTH (via ZDNet). BISMUTH recently tried a new tactic centered on cryptocurrency mining, which differs from its usual method of attack.

The Microsoft Defender team explained on Monday:

While this actor's operational goals remained the same—establish continuous monitoring and espionage, exfiltrating useful information as it surfaced—their deployment of coin miners in their recent campaigns provided another way for the attackers to monetize compromised networks. Considering some of the group's traditional targets are human and civil rights organizations, BISMUTH attacks demonstrate how attackers give little regard to services they impact.

In other words, Microsoft says that while BISMUTH remains primarily an espionage outfit, it won't turn down any money it receives from crypto ransom. It also helps BISMUTH if targets — once they locate the malware it planted — write it off as a "less alarming" and "commodity" intrusion.

Microsoft's security team does have a few takeaways from this story that users in all walks of life should take heed of. The company reminded users to be careful about what they share on social media, as it can expose them to spear-phishing attacks. Microsoft also encourages users to make use of Office 365's spam filtering settings so that emails carrying malware and spam are blocked.

In the event that a user is hacked, the company notes that users should be using multi-factor authentication combined with strong passwords. Once again, there are a lot of tips in the post that remain relevant even if you're not an espionage target of world governments.

The biggest takeaway here remains that a secure network is only as strong as its weakest link. As BISMUTH illustrates, protecting against highly sophisticated attacks alone is insufficient.

Michael Allison