The malware double extortion website is again up, with new victims and a message: “Despite your hopes, we are with you again”.
BISMUTH is leveraging Monero crypto-miners to stay under the radar and establish persistence in targeted networks. The APT attacked France and Vietnam for cyber espionage purposes.
BISMUTH is leveraging cryptocurrency miners to stay under the radar and establish persistence in targeted networks, Microsoft cybersecurity experts have discovered. The state-sponsored hackers, who have similarities with the Vietnam-linked group OceanLotus (aka APT32), have been running increasingly complex cyber espionage attacks since as early as 2012, using both custom and open-source tooling to target large multinational corporations, governments, financial services, educational institutions, and human and civil rights organizations. But in campaigns from July to August 2020, the APT deployed Monero coin miners in attacks that targeted both the private sector and government institutions in France and Vietnam.