According to a report released by Microsoft, Vietnamese state hackers have been deploying cryptocurrency mining malware to turn a profit from the networks of organizations they are spying on. One group in particular, APT32, was observed using this tactic. This group has been associated with several sophisticated cyber espionage campaigns targeting the Chinese government.
Over the past summer, APT32 deployed Monero coin miners in attacks on a diverse group of industries, including those in both the public and private sectors. The distribution of the coin miners is, according to Microsoft, either a way to generate extra revenue or a detection evasion attempt. The coin miners allowed the threat actor group to mask its nefarious activities behind a larger and more potent threat. Because this particular APT group tends to remain on networks for a long period of time, blending in to avoid detection is especially important.