Microsoft reports Vietnam-based hackers could be behind the crypto-mining malware campaign
On Monday, Microsoft said in a statement that hackers have been spotted deploying cryptocurrency-mining malware. The hackers are reported to be government-backed and Vietnamese, and they are deploying this malware alongside their regular cyber-espionage toolkits.
The Vietnamese group, which Microsoft calls Bismuth, has been active since 2012. It is mostly known by codenames such as APT32 and Ocean Lotus, Microsoft reports.
These reports show a growing number of state-backed hacking groups testing the waters of regular cybercrime operations, which makes it extremely difficult to distinguish financially motivated crime from intelligence-gathering operations. This is now a growing trend in the cybersecurity industry.
In its report, Microsoft also said that it has recently observed a change in the group’s tactics. The group has spent most of its lifetime organizing complex hacking operations, both in Vietnam and abroad. Its purpose has always been to help its government make political, economic, and foreign policy decisions by gathering information through hacking.
The group deployed Monero coin miners in its campaigns from July to August 2020. These attacks targeted both the private sector and government institutions in France and Vietnam, Microsoft reported. Microsoft has two theories as to why the group might have made these changes:
The first theory is that the group might be using crypto-mining malware, which is usually associated with cybercrime operations, to disguise its attacks from incident responders and to trick them into believing that the attacks are random, low-priority intrusions.
The second theory is that the group is experimenting with new ways of generating revenue from the systems it has infected as part of its regular cyber-espionage operations.
Groups like Bismuth operate under the direct protection of their local governments. They also operate from within their countries as contractors or intelligence agents. These countries don’t have treaties with the United States, which allows the groups to carry out any attack without fear of consequences.
With Vietnam expected to be “on the edge” of becoming a future cybercrime hub, and the country also lacking an extradition treaty with the US, Bismuth’s expansion into cybercrime is considered a given, and it could be a major cyber-espionage player in the next decade.