Microsoft researchers have found that the Vietnamese government hacking group Bismuth has begun to follow the example of its Chinese “colleagues” and now makes money from mining, since cyber espionage does not bring in income.
The company notes that more and more government hack groups are engaged in various criminal operations, which ultimately makes it difficult to separate financially motivated crimes from government espionage operations.
In particular, the company’s latest report refers to the Vietnamese hack group Bismuth, which has been active since 2012 and is better known by names such as APT32 and OceanLotus.
“Usually this group carries out complex espionage operations, both abroad and inside Vietnam. Their purpose, as a rule, is to collect various information that can help the government of the country in making political, economic and foreign policy decisions,” Microsoft said.
However, researchers have now noticed that the group’s tactics have changed. The report states that between July and August 2020, Bismuth members actively mined Monero and attacked both the private sector and government institutions in France and Vietnam.
Microsoft experts have two theories about this.
“Perhaps the group is using mining malware to disguise their attacks, making cybersecurity specialists believe that they are dealing with an ordinary and minor threat, and not with a serious government hack group. Or Bismuth is experimenting with new ways to generate income from infected systems, and mining is really a source of extra money for hackers,” Microsoft suggests.
The specialists’ second theory fits well with a general trend that researchers have been observing for quite a long time: in recent years, government hack groups from China, Russia, Iran and North Korea have also regularly attacked various targets simply to make money for personal needs.
Often, such attacks are the result of complete impunity. Such groups often operate under the direct protection of local authorities, or are made up of contractors or intelligence officers, and operate from countries that do not have extradition treaties with the United States. Therefore, hackers can carry out any attacks with little or no consequence.
Recall, too, the fascinating story of how the creation of the Chinese Comac C919 aircraft was accompanied by hacker attacks and cyber espionage.
Also recall that, according to Bloomberg, Chinese hackers may have stolen innovations from the computer networks of the Canadian company Nortel, and that Huawei’s success in the development of 5G may be due to cyber espionage.