
Hackers are using cryptojacking malware as a cover for more serious attacks, according to a report published by security researchers at Microsoft.

According to a paper published by the tech company’s intelligence team, malicious actors are fronting attacks with cryptojacking scripts as a decoy for more significant attacks, namely credential theft.

The report identifies a malicious group called BISMUTH, which has attacked a number of targets linked to governments in Vietnam and France in recent weeks. Ostensibly these have presented as cryptojacking attacks, harnessing excess processing power to mine for digital currency.

However, the report says this is merely generating incidental income for the group, while they focus on the real target of their efforts—the theft of credentials which allow access to sensitive government systems.

The group have deployed the attacks using a cryptojacking script that mines for Monero, the secretive privacy coin often associated with hacking attacks and illegality. According to the researchers, the script is somewhat more conspicuous than they would ordinarily expect, with minimal efforts made to cover tracks.

The paper said this strategy “allowed BISMUTH to hide its more nefarious activities behind threats that may be perceived to be less alarming because they’re ‘commodity’ malware.”

According to Microsoft, this fits the group’s preferred MO, one of “hiding in plain sight.” The report concludes by urging organizations to be aware of the risks of cryptojacking as a decoy, and to take steps to identify and prevent attacks of this kind from taking hold.

Monero cryptojacking as an attack in its own right has exploded in recent years, infecting systems around the world to divert processing power to mining cryptocurrency for hacking groups.

The more sophisticated style exhibited by BISMUTH is further cause for concern for organizations safeguarding sensitive state information, and it also threatens core systems for public administration.
