TL;DR Breakdown:
- Microsoft disclosed on Monday that Vietnamese hackers now run crypto-mining malware alongside their regular operations.
- This is an unwelcome development, one previously practiced by other hacking groups in countries like China and North Korea.
Vietnamese government-sponsored hackers have allegedly been caught by Microsoft dipping their toes into illegal cryptocurrency mining. According to the technology giant, the Vietnamese hackers, tracked as “Bismuth”, were running digital currency mining malware campaigns alongside their cyber-espionage toolkits. Microsoft said it’s still unknown why the hackers decided to divert from their usual intelligence-gathering operations.
Microsoft says Vietnamese hackers launched Monero mining malware
The hacking group has been active for the past eight years, mostly working for the government in support of decisions pertaining to the economy, politics, and policy. However, the Vietnamese hackers began running mining malware for Monero (XMR) between July and August this year. The attacks targeted both government and private institutions in Vietnam and France, according to Microsoft.
Vietnamese hackers used sophisticated techniques to disguise their operations. The malware evaded incident responders because it was mostly treated as a low-priority, random intrusion. The development indicates the group has shifted to making more revenue from the systems it infected alongside its regular cyber-espionage operations. Meanwhile, pairing such attacks with digital currency mining malware also makes it difficult to differentiate intelligence-gathering operations from financially motivated crime.
A similar line of crime
Per the report, the Vietnamese hackers are not the first group to deviate from their regular cyber operations. In recent years, many state-backed hacking groups in several countries, including China, North Korea, Iran, and Russia, were caught attacking institutions for personal gain. Today's development highlights that such illegal activities are still practiced in the cyber-security space.