Security News > 2020 > December > Nation-State Cyberspy Group Drops Coin Miners as Distraction Technique
A nation-state threat actor was observed using cryptocurrency miners to avoid attracting too much attention and establish persistence in targeted networks, Microsoft reported on Monday.
BISMUTH's use of coin miners is consistent with its methods of blending in.
The group would also correspond with some targets before attempting to trick them into opening malicious attachments.
The group would also ping databases and file servers containing high-value information and would drop a Cobalt Strike beacon and set up a scheduled task for persistence.
"Although the group's specific objectives for these recent attacks cannot be defined with high confidence, BISMUTH's past activities have included operations in support of broader espionage goals," Microsoft notes.