Thursday, December 19, 2024
Advertisement
  1. You Are At:
  2. News
  3. Technology
  4. Microsoft suspects Vietnamese hackers are deploying cryptocurrency malware: Know details

Microsoft suspects Vietnamese hackers are deploying cryptocurrency malware: Know details

BISMUTH attempts to gain initial access by sending specially crafted malicious emails from a Gmail account that appears to have been made specifically for its campaign.

Reported by: IANS New Delhi Published : Dec 01, 2020 19:06 IST, Updated : Dec 01, 2020 19:06 IST
microsoft, cryptomining, cryptocurrency, security, cybersecurity, hackers, hacking, tech news
Image Source : PIXABAY

Microsoft links Vietnamese hackers to crypto malware

Microsoft has revealed that Vietnamese government-backed hackers are deploying cryptocurrency-mining malware alongside their regular cyber-espionage toolkits. The report highlights a growing trend in the cyber-security industry where an increasing number of state-backed hacking groups are also dipping their toes into regular cybercrime operations, making it harder to distinguish financially-motivated crime from intelligence-gathering operations.

Tracked by the Microsoft 365 Defender Threat Intelligence Team as Bismuth, the Vietnamese group has been active since 2012 and is more widely known as APT32 and OceanLotus.

"BISMUTH has been running increasingly complex cyber-espionage attacks as early as 2012, using both custom and open-source tooling to target large multinational corporations, governments, financial services, educational institutions, and human and civil rights organisations," Microsoft said in a blog post late on Monday.

In campaigns from July to August 2020, the group deployed Monero coin miners in attacks that targeted both the private sector and government institutions in France and Vietnam.

"The campaigns from the nation-state actor BISMUTH take advantage of the low-priority alerts coin miners cause to try and fly under the radar and establish persistence," the Microsoft team announced.

Because BISMUTH's attacks involved techniques that ranged from typical to more advanced, devices with common threat activities like phishing and coin mining should be elevated and inspected for advanced threats.

"More importantly, organisations should prioritise reducing the attack surface and hardening networks against the full range of attacks".

BISMUTH attempts to gain initial access by sending specially crafted malicious emails from a Gmail account that appears to have been made specifically for its campaign.

As the affected organisations worked to evict BISMUTH from their networks, Microsoft security researchers saw continued activity involving lateral movement to other devices, credential dumping, and planting of multiple persistence methods.

"This highlights the complexity of responding to a full-blown intrusion and the significance of taking quick action to resolve alerts that flag initial stages of an attack," said the team.

Latest technology reviews, news and more

Advertisement

Read all the Breaking News Live on indiatvnews.com and Get Latest English News & Updates from Technology

Advertisement
Advertisement
Advertisement
Advertisement