Nation-State Hackers Caught Hiding Espionage Activities Behind Crypto Miners
2020-12-01 00:54

A nation-state actor known for its cyber espionage campaigns since 2012 is now using coin miner techniques to stay under the radar and establish persistence on victim systems, according to new research.

Attributing the shift to a threat actor tracked as Bismuth, Microsoft's Microsoft 365 Defender Threat Intelligence Team said the group deployed Monero coin miners in attacks that targeted both the private sector and government institutions in France and Vietnam between July and August earlier this year.

"The coin miners also allowed Bismuth to hide its more nefarious activities behind threats that may be perceived to be less alarming because they're 'commodity' malware," the researchers said in an analysis published yesterday.

Using Coin Miners to Blend In

Although the group's espionage and exfiltration tactics have essentially remained the same, the inclusion of coin miners in its arsenal points to a fresh way to monetize compromised networks, not to mention a crafty means of blending in and evading detection for as long as possible.

"Bismuth attacks put strong emphasis on hiding in plain sight by blending in with normal network activity or common threats that attackers anticipate will get low-priority attention," Microsoft said.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/pnZL0J-vWqY/nation-state-hackers-caught-hiding.html