Microsoft links Vietnamese hackers to cryptomining malware campaign

Microsoft has revealed that Vietnamese government-backed hackers are deploying cryptocurrency-mining malware alongside their regular cyber-espionage toolkits.

The report highlights a growing trend in the cyber-security industry where an increasing number of state-backed hacking groups are also dipping their toes into regular cybercrime operations, making it harder to distinguish financially-motivated crime from intelligence gathering operations.

Tracked by the Microsoft 365 Defender Threat Intelligence Team as Bismuth, the Vietnamese group has been active since 2012 and is more widely known as APT32 and OceanLotus.

“BISMUTH has been running increasingly complex cyber-espionage attacks as early as 2012, using both custom and open-source tooling to target large multinational corporations, governments,