Microsoft links Vietnamese hackers to cryptomining malware campaign



Microsoft has revealed that Vietnamese government-backed hackers are deploying cryptocurrency-mining malware alongside their regular cyber-espionage toolkits.


The report highlights a growing trend in the cyber-security industry where an increasing number of state-backed hacking groups are also dipping their toes into regular cybercrime operations, making it harder to distinguish financially-motivated crime from intelligence gathering operations.



Tracked by the Microsoft 365 Defender Threat Intelligence Team as BISMUTH, the Vietnamese group has been active since 2012 and is more widely known as APT32 and OceanLotus.


“BISMUTH has been running increasingly complex cyber-espionage attacks as early as 2012, using both custom and open-source tooling to target large multinational corporations, governments, financial services, educational institutions, and human and civil rights organisations,” Microsoft said in a blog post late on Monday.


In campaigns from July to August 2020, the group deployed Monero coin miners in attacks that targeted both the private sector and government institutions in France and Vietnam.


“The campaigns from the nation-state actor BISMUTH take advantage of the low-priority alerts coin miners cause to try and fly under the radar and establish persistence,” the Microsoft team announced.


Because BISMUTH’s attacks involved techniques that ranged from typical to more advanced, devices with common threat activities like phishing and coin mining should be elevated and inspected for advanced threats.


“More importantly, organisations should prioritise reducing attack surface and hardening networks against the full range of attacks.”
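The advice above, to elevate devices that show commodity activity such as coin mining or phishing and inspect them for the later stages the report describes (credential dumping, lateral movement, persistence), can be expressed as a simple correlation rule over alerts. The following is an added example, not code from Microsoft or from the report; the alert record layout, the category names and the sample alerts are assumptions constructed for this illustration.

```python
"""Escalate low-severity coin-miner / phishing alerts when they co-occur with
later-stage intrusion activity on the same device (added example; the alert
format and category names are assumed, not taken from the report)."""
from collections import defaultdict
from dataclasses import dataclass

# Activity the report describes after initial access on a compromised host.
LATER_STAGE = {"credential_dumping", "lateral_movement", "persistence"}
# "Commodity" categories that typically surface only as low-priority alerts.
COMMODITY = {"coin_mining", "phishing"}


@dataclass(frozen=True)
class Alert:
    device: str
    category: str
    severity: str  # severity as assigned by the originating tool (ignored here)


def triage(alerts):
    """Return {device: tier}, deliberately ignoring the tool's own severity.

    'critical' : commodity alert plus later-stage activity on the same host
    'high'     : later-stage activity only
    'inspect'  : commodity alert only (elevate and look for advanced stages)
    'monitor'  : neither
    """
    by_device = defaultdict(set)
    for a in alerts:
        by_device[a.device].add(a.category)
    tiers = {}
    for device, cats in by_device.items():
        commodity, later = bool(cats & COMMODITY), bool(cats & LATER_STAGE)
        if commodity and later:
            tiers[device] = "critical"
        elif later:
            tiers[device] = "high"
        elif commodity:
            tiers[device] = "inspect"
        else:
            tiers[device] = "monitor"
    return tiers


# Constructed sample: ws-017's miner alert alone would normally be deprioritised.
SAMPLE_ALERTS = [
    Alert("ws-017", "coin_mining", "low"),
    Alert("ws-017", "credential_dumping", "medium"),
    Alert("ws-017", "lateral_movement", "medium"),
    Alert("ws-042", "coin_mining", "low"),
    Alert("srv-003", "port_scan", "informational"),
]

if __name__ == "__main__":
    for device, tier in sorted(triage(SAMPLE_ALERTS).items()):
        print(f"{device}: {tier}")
```

The point is that the host with a "low" miner alert ends up at the top of the queue once it is correlated with the credential-dumping and lateral-movement alerts on the same device.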


BISMUTH attempts to gain initial access by sending specially crafted malicious emails from a Gmail account that appears to have been made specifically for its campaign.


As the affected organisations worked to evict BISMUTH from their networks, Microsoft security researchers saw continued activity involving lateral movement to other devices, credential dumping, and planting of multiple persistence methods.


“This highlights the complexity of responding to a full-blown intrusion and the significance of taking quick action to resolve alerts that flag initial stages of an attack,” said the team.


–IANS



(Only the headline and picture of this report may have been reworked by the Business Standard staff; the rest of the content is auto-generated from a syndicated feed.)
