Microsoft on Monday highlighted a growing trend of state-sponsored hackers disguising themselves as financially motivated hackers rather than as espionage-motivated ones. The company illustrated this by sharing an example from the Vietnamese group BISMUTH (via ZDNet). BISMUTH recently tried a new tactic centered on crypto mining, which differs from its normal method of attack.
The Microsoft Defender team explained on Monday:
While this actor’s operational goals remained the same—establish continuous monitoring and espionage, exfiltrating useful information as it surfaced—their deployment of coin miners in their recent campaigns provided another way for the attackers to monetize compromised networks. Considering some of the group’s traditional targets are human and civil rights organizations, BISMUTH attacks demonstrate how attackers give little regard to services they impact.
In other words, Microsoft says that while BISMUTH remains primarily an espionage outfit, it won’t turn down any money it receives from crypto ransom. It also helps the group if targets, once they locate BISMUTH-planted malware, write the incidents off as “less alarming” and “commodity” intrusions.
Microsoft’s security team does have a few takeaways from this story that users in all walks of life could heed. The company reminded users