Microsoft reports Vietnam-based hackers could be behind the crypto-mining malware campaign

On Monday, Microsoft said in a statement that hackers have been spotted deploying cryptocurrency-mining malware. These hackers are reported to be government-backed Vietnamese hackers, and they are deploying this malware alongside their regular cyber-espionage toolkits.

This Vietnamese group, called Bismuth, has been active since 2012. It is mostly recognized by codenames such as APT32 and Ocean Lotus, Microsoft reports.


These reports show the growing number of state-backed hacking groups testing the waters of regular cybercrime operations, which makes it extremely difficult to distinguish financially motivated crime from intelligence-gathering operations. This is a growing trend in the cybersecurity industry.

In its report, Microsoft also said that it has recently observed a change in the group’s tactics. The group has spent most of its lifetime organizing complex hacking operations, both in Vietnam and abroad. Its purpose has always been to help its government with political, economic, and foreign policy decisions by gathering information via hacking.

The group deployed Monero coin miners in its campaigns from July to August 2020. These attacks targeted both the private sector and government institutions in France and Vietnam, Microsoft reported. Microsoft has two theories as to why the group might have made these changes:

The first theory is that the group might be using crypto-mining malware, which is usually associated with cybercrime operations, to disguise its attacks from incident responders and to trick them into believing that the attacks are random, low-priority intrusions.

The second theory is that the group is experimenting with new ways of generating revenue from the systems it infected as part of its regular cyber-espionage operations.

Groups like Bismuth operate under the direct protection of their local governments. They also operate from within countries as contractors or intelligence agents. These countries don’t have treaties with the United States, which allows the groups to carry out any attack without fear of consequences.

With Vietnam expected to be “on the edge” of becoming a future cybercrime hub, and the country also lacking an extradition treaty with the US, Bismuth’s expansion into cybercrime is considered a given, and it could be a major cyber-espionage player in the next decade.



