Microsoft linked Vietnamese government hackers Bismuth to mining campaigns

Microsoft researchers have found that the Vietnamese government hacking group Bismuth has begun to follow the example of its Chinese “colleagues” and now makes money from mining, since cyber espionage does not bring income.

The company notes that more and more government hacking groups are engaged in various criminal operations, which ultimately makes it difficult to separate financially motivated crimes from government espionage operations.

In particular, the company’s latest report refers to the Vietnamese hacking group Bismuth, which has been active since 2012 and is better known by names such as APT32 and OceanLotus.

“Usually this group carries out complex espionage operations, both abroad and inside Vietnam. Their purpose, as a rule, is to collect various information that can help the government of the country in making political, economic and foreign policy decisions,” Microsoft said.

However, researchers have now noticed that the group’s tactics have changed. The report states that between July and August 2020, Bismuth members actively mined Monero and attacked both the private sector and government institutions in France and Vietnam.

Microsoft experts have two theories about this.

“Perhaps the group is using mining malware to disguise their attacks, making cybersecurity specialists believe that they are dealing with an ordinary and minor threat, and not with a serious government hack group. Or Bismuth is experimenting with new ways to generate income from infected systems, and mining is really a source of extra money for hackers,” Microsoft suggests.

The specialists’ second theory fits well with a general trend that researchers have been observing for quite a long time: in recent years, government hacking groups from China, Russia, Iran and North Korea have also regularly attacked various targets simply to make money for personal needs.

Often, such attacks are the result of complete impunity. Such groups often operate under the direct protection of local authorities, or are contractors or intelligence officers, and operate from countries that do not have extradition treaties with the United States. Therefore, the hackers can carry out any attacks with little or no consequence.

Also recall the story of how the creation of the Chinese Comac C919 aircraft was accompanied by hacker attacks and cyber espionage.

Also recall that, according to Bloomberg, Chinese hackers could have stolen innovations from the computer networks of Canada’s Nortel, and Huawei’s success in the development of 5G may be due to cyber espionage.

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.
