Cyberespionage APT group hides behind cryptomining campaigns
2020-12-02 03:25

An advanced threat group called Bismuth recently used cryptocurrency mining as a way to hide the purpose of their activity and to avoid triggering high-priority alerts.

In recent campaigns, Bismuth launched Monero coin miners on compromised systems belonging to private and government organizations in France and Vietnam.

Microsoft believes Bismuth hackers used information from public sources to determine their targets and customize the messages.

The researchers were able to attribute these attacks to Bismuth based on a custom malware named KerrDown dropped during the infection chain and used exclusively by Bismuth.

"Because BISMUTH's attacks involved techniques that ranged from typical to more advanced, devices with common threat activities like phishing and coin mining should be elevated and inspected for advanced threats" - Microsoft.


News URL

https://www.bleepingcomputer.com/news/security/cyberespionage-apt-group-hides-behind-cryptomining-campaigns/