Hackers Using Monero Mining Malware as Decoy, Warns Microsoft

Crypto-jacking is giving nation-state hackers a decoy for their more malicious attacks, Microsoft cautioned in a report.

Dec 1, 2020 at 6:15 p.m. UTC
Updated Sep 14, 2021 at 10:36 a.m. UTC

Crypto-jacking is giving nation-state hackers a decoy for their more malicious attacks, warned Microsoft in a Monday report.

The company's intelligence team said a group called BISMUTH hit government targets in France and Vietnam with relatively conspicuous monero mining trojans this summer. Mining the crypto generated side cash for the group, but it also distracted victims from BISMUTH's true campaign: credential theft.

Crypto-jacking "allowed BISMUTH to hide its more nefarious activities behind threats that may be perceived to be less alarming because they’re 'commodity' malware," Microsoft concluded. It said the conspicuousness of monero mining fits BISMUTH's "hide in plain sight" MO.

Microsoft recommended organizations stay vigilant against crypto-jacking as a possible decoy tactic.

DISCLOSURE

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.
