Microsoft Warns Cybersecurity Threat Posing as Monero Miners Attempts to Extract Data
A recently released Microsoft report has revealed that state-level threat actors are now using coin miner techniques to cover their tracks or blend in. The report, published on Nov 30, highlights a recent attempt by the state threat actor ‘BISMUTH,’ which leveraged Monero coin miners to infiltrate both government and private sector institutions in Vietnam and France.
While crypto-related cyber-crime activity is considered low risk, malicious attackers now appear to be capitalizing on the nascent technology to advance their agendas. Per the Microsoft report, BISMUTH used the Monero coin miners as a decoy to distract security teams from its real activity, which was data extraction. The report reads:
“The coin miners also allowed BISMUTH to hide its more nefarious activities behind threats that may be perceived to be less alarming because they’re ‘commodity’ malware.”
BISMUTH also used a DLL-replacing tactic to make itself less conspicuous, given that extracting information from the compromised applications takes a long time. The group, known for its blending-in techniques, added a new one with crypto miners, although the report notes that this is consistent with its pattern.
“The use of coin miners by BISMUTH was unexpected, but it was consistent with the group’s longtime methods of blending in.”
The report recommends that organizations prioritize reducing their attack surface by escalating common threats such as phishing and coin miners and inspecting them more thoroughly.