An advanced threat group called Bismuth recently used cryptocurrency mining as a way to hide the purpose of their activity and to avoid triggering high-priority alerts.
Coin mining is typically regarded as a non-critical security issue, so the method allowed the actor to establish persistence and move laterally on the compromised network while monetizing the attack at the same time.
Bismuth regularly targets human and civil rights organizations, but its list of victims also includes multinational companies, financial services, educational institutions, and entities in the government sector.
Source: Bleeping Computer