Vietnamese-supported hackers are expanding their cybercrime resume, adding cryptojacking malware campaigns to their primary objective: cyber-espionage. Microsoft unveiled the news in a report, saying it has noticed a change in the group’s hacking strategies over the summer.
Members of the gang focused mainly on gathering intelligence for the Vietnamese government by launching advanced cybercrime operations inside the country and abroad. The collected information helped officials deal with economic and political decisions. But during the summer, hackers introduced Monero coin miners in attacks against the private and public sectors in Vietnam and France.
Microsoft named the group BISMUTH and believes its members switched tactics to cover their spying activities and throw incident responders off guard. Another theory is that the gang is looking for new ways to make money from the devices they infiltrate when gathering data.
Cryptojacking, or cryptomining malware, is designed to remain hidden on computers or other devices for as long as possible. Once the code auto-executes, cybercriminals use it to hijack the machine’s resources, such as computing power and the processing unit, to mine cryptocurrencies. This causes devices to heat up and slow down while also driving the electricity bill through the roof.
BISMUTH Not Alone in Cryptojacking Malware Campaigns
The report also mentioned that several state-backed cybercrime groups are launching cryptojacking malware attacks along with their original espionage operations. These crews work for their respective governments, which means they operate under their protection.
Moreover, several countries that hire hackers don’t have extradition treaties with the US, allowing them to carry out attacks without fearing any consequences. That is why it’s no surprise that BISMUTH, AKA OceanLotus or APT32, has engaged in cryptomining malware campaigns.
Vietnam has no extradition agreement with the US and is poised to become a major player in cybercrime and espionage scenes.
Cyber threats are growing at a substantial rate and becoming much more advanced, allowing them to bypass the most secure defense systems. Therefore, users must employ advanced cybersecurity tools and methods. That includes reputable VPNs, antivirus software, secure and unique passwords, and two-factor authentication (2FA).