According to the Microsoft 365 Defender Threat Intelligence Team, a Vietnamese threat actor involved in various attacks has been using cryptocurrency mining to hide its espionage activities, including its expansion across victims' networks. The Microsoft 365 Defender Threat Intelligence Team tracked down the identity of this threat actor. The research underlines that the threat actor in question, BISMUTH, has been active since 2012.
Microsoft on a hacker using Crypto Miners
The cyber-criminal organization uses various techniques to steal and compromise information from financial services, educational services, multinational corporations and national governments.
Until now, BISMUTH had relied on traditional anti-surveillance tools. However, in campaigns between July 2020 and August 2020, BISMUTH actors used Monero coin miners while grabbing information from private and public-sector organizations in France and Vietnam. This means the group has been targeting devices capable of coin mining.
“Blending in was important for BISMUTH because the group spent long periods of time performing discovery on compromised networks until they could access and move laterally to high-value targets like servers, where they installed various tools to further propagate or perform more actions. At this point in the attack, the group relied heavily on evasive PowerShell scripts, making their activities even more covert,” Microsoft said.
Considering that this cybercriminal team goes to the extent of stealing information even from human rights organizations worldwide, it is clear that BISMUTH has no specific set of ethics. The fact that the team has now started using crypto mining to blend in means that it needs better protection from routine anti-malware defenses and wants to evade detection for as long as possible.
More importantly, BISMUTH attacks are known for staying quiet and hiding in plain sight. Because the attackers build such moves into their plan of action, it is expected that many of the potential intrusions go unnoticed.
The Microsoft Threat Intelligence Team's findings emphasize the increasing need to enable two-factor authentication and other security measures. Besides, law enforcement agencies trying to capture these threat actors should expand their search horizons, looking deep into the crypto world to see whether it is being used as a disguise.