Cyberespionage APT group hides behind cryptomining campaigns

silversurfer

Thread author
Aug 17, 2014
An advanced threat group called Bismuth recently used cryptocurrency mining as a way to hide the purpose of their activity and to avoid triggering high-priority alerts.
Bismuth regularly targets human and civil rights organizations, but its list of victims includes multinational companies, financial services, educational institutions, and entities in the government sector.
The actor has been running cyberespionage operations since at least 2012. Its attacks have increased in complexity since then, combining custom tools with freely available ones.

In recent campaigns, though, Bismuth launched Monero coin miners on compromised systems belonging to private and government organizations in France and Vietnam.
Microsoft detected the attacks that occurred in July and August, saying that the cryptojacking activity did not change the actor’s objective, continuing to monitor and steal information of interest.
“The use of coin miners by BISMUTH was unexpected, but it was consistent with the group’s longtime methods of blending in” - Microsoft
 
