APT groups are not limited to Iran, Russia, China and North Korea, and a recent study from Microsoft confirms this. In a newly published report, the company’s specialists described a cybercriminal group, funded by the Vietnamese government, that uses cryptocurrency miners alongside cyber espionage tools.
Cybercriminal group Bismuth, also known as APT32 and OceanLotus, has been active since 2012. Almost all of its activity has consisted of complex hacking operations, both in Vietnam and abroad, aimed at collecting information that could help the government make economic and political decisions. However, according to a Microsoft report, Bismuth changed its tactics this summer.
According to the researchers, in July-August 2020, the group began using a Monero cryptocurrency miner in attacks on private and government organizations in Vietnam and France. Why Bismuth decided to change its tactics is unknown, but experts have two theories.
The first theory is that the hackers deliberately began to use miners to disguise cyber espionage operations as ordinary cybercriminal campaigns that do not deserve the close attention of information security experts. The second theory is that the cybercriminals are looking for new ways to profit from systems that have been compromised in the course of cyber espionage operations.
The second theory is quite consistent with the global trend: in recent years, APT groups from China, Russia, Iran and North Korea have carried out cyber attacks not only for cyber espionage purposes, but also for personal financial gain. Under the protection of their governments, these groups feel a sense of impunity and operate from countries that do not have an extradition agreement with the countries of their targets.
Since Vietnam also does not have an extradition treaty with the United States, Bismuth’s cybercrime activities should be expected to expand. Moreover, according to experts, in the next decade Vietnam could become a center of cybercrime and a major player in the field of cyber espionage.