A nation-state actor known for its cyber espionage campaigns since 2012 is now using coin miner techniques to stay under the radar and establish persistence on victim systems, according to new research.
Attributing the shift to a threat actor tracked as Bismuth, the Microsoft 365 Defender Threat Intelligence Team said the group deployed Monero coin miners in attacks that targeted both the private sector and government institutions in France and Vietnam between July and August this year.
“The coin miners also allowed Bismuth to hide its more nefarious activities behind threats that may be perceived to be less alarming because they’re ‘commodity’ malware,” the researchers said in an analysis published yesterday.
The primary victims of the attack have been traced to state-owned enterprises in Vietnam and entities with ties to a Vietnamese government agency.
The Windows maker likened Bismuth to OceanLotus (or APT32), linking it to spyware attacks using both custom and open-source toolsets to target large multinational corporations, governments, financial services, educational institutions, and human and civil rights organizations.
The development comes as…