Get the scoop on finance - sign up for mobile alerts
Scams, Hacks & Breaches
| On
December 2, 2020

Microsoft Threat Intelligence Team Says Cyber Thieves Using Crypto Asset Monero As Decoy While Attacking Nation States

By Daily Hodl Staff

The Microsoft Threat Intelligence Center (MSTIC) says that a nation-state hacker group is using crypto mining malware and other advanced tools to cover up nefarious attacks.

The group known as BISMUTH initially used open-source and custom tools to target multinational corporations, human rights organizations, and financial institutions among others, says Microsoft in a new report.

ADVERTISEMENT

Since then, the group has been deploying more and more complicated techniques to fly under the radar and cover up malicious activities, as evident in their latest attacks in July and August this year, in which they deployed Monero (XMR) coin mining trojans to target private and public institutions in France and Vietnam.

BISMUTH attacks emphasize hiding in plain sight, notes Microsoft. By deploying coin miners as a distraction technique, Bismuth could hide its other activities behind less-alarming threats.

“While this actor’s operational goals remained the same – establish continuous monitoring and espionage, exfiltrating useful information as is it surfaced – their deployment of coin miners in their recent campaigns provided another way for the attackers to monetize compromised networks.”

Microsoft warns that users should be on the lookout and protect themselves from the usual tactics deployed by BISMUTH.

ADVERTISEMENT

“Because BISMUTH’s attacks involved techniques that ranged from typical to more advanced, devices with common threat activities like phishing and coin mining should be elevated and inspected for advanced threats. More importantly, organizations should prioritize reducing attack surface and hardening networks against the full range of attacks.”

To build resilience against these types of attacks, Microsoft says organizations should focus on configuring email filters to block phishing and spoofed emails, spam, and emails with malware. The tech giant also recommends educating users, disabling macros, and restricting servers from making any arbitrary connection.

&nbsp
Disclaimer: Opinions expressed at The Daily Hodl are not investment advice. Investors should do their due diligence before making any high-risk investments in Bitcoin, cryptocurrency or digital assets. Please be advised that your transfers and trades are at your own risk, and any losses you may incur are your responsibility. The Daily Hodl does not recommend the buying or selling of any cryptocurrencies or digital assets, nor is The Daily Hodl an investment advisor. Please note that The Daily Hodl participates in affiliate marketing.

Featured Image: Shutterstock/agsandrew