
Vietnamese State Hackers Deploy Coin Miners to Victims

Premiums

TRUSTED VENDOR
Joined
Dec 5, 2020
Messages
1,312
Vietnamese state-backed hackers have been observed deploying cryptocurrency mining malware to monetize the networks of victim organizations they’re also spying on, according to Microsoft.

APT32 (aka Ocean Lotus, BISMUTH) has in the past been associated with sophisticated cyber-espionage campaigns aimed at targets as diverse as carmakers and local Chinese government departments.

However, from July to August 2020, the group deployed Monero coin miners in attacks targeting private and public sector organizations in France and Vietnam. Doing so may be part of a plan to generate extra revenue alongside such attacks, or an attempt to stay hidden, Microsoft claimed.

“The coin miners also allowed BISMUTH to hide its more nefarious activities behind threats that may be perceived to be less alarming because they’re ‘commodity’ malware,” it said in a blog post.

“If we learned anything from ‘commodity’ banking trojans that bring in human-operated ransomware, we know that common malware infections can be indicators of more sophisticated cyberattacks and should be treated with urgency and investigated and resolved comprehensively.”

Other tactics designed to “blend in” include the targeting of only one individual in an organization with spear-phishing; in some cases, the attackers even corresponded with their victims to encourage them to open the malicious attachment.

Another is the use of DLL side-loading via outdated applications including Microsoft Defender Antivirus.

“Blending in was important for BISMUTH because the group spent long periods of time performing discovery on compromised networks until they could access and move laterally to high-value targets like servers, where they installed various tools to further propagate or perform more actions,” noted Microsoft.

“At this point in the attack, the group relied heavily on evasive PowerShell scripts, making their activities even more covert.”

Organizations faced with this threat group should focus on reducing the attack surface via user education, disabling macros, tweaking email filters and other techniques; improving credential hygiene through MFA; and stopping attack sprawl with intrusion detection, firewalls and other tools.
 

Veronautb

New member
Joined
Mar 30, 2021
Messages
1
Can I get in touch with the admin??
It's about advertising on your site.
Best regards.
 

Ilushikybj

New member
Joined
Apr 3, 2021
Messages
1
Where is the administration?
This is very important.
Best regards.
 