Home > List all groups > Bismuth

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Other threat group: Bismuth

NamesBismuth (Microsoft)
CountryVietnam Vietnam
MotivationInformation theft and espionage, Financial gain
First seen2012
Description(Microsoft) BISMUTH, which shares similarities with APT 32, OceanLotus, SeaLotus, has been running increasingly complex cyberespionage attacks as early as 2012, using both custom and open-source tooling to target large multinational corporations, governments, financial services, educational institutions, and human and civil rights organizations. But in campaigns from July to August 2020, the group deployed Monero coin miners in attacks that targeted both the private sector and government institutions in France and Vietnam.
Because BISMUTH’s attacks involved techniques that ranged from typical to more advanced, devices with common threat activities like phishing and coin mining should be elevated and inspected for advanced threats. More importantly, organizations should prioritize reducing attack surface and hardening networks against the full range of attacks. In this blog, we’ll provide in-depth technical details about the BISMUTH attacks in July and August 2020 and mitigation recommendations for building organizational resilience.
ObservedSectors: Education, Financial, Government.
Countries: France, Vietnam.
Tools used

Last change to this card: 05 January 2021

Download this actor card in PDF or JSON format

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
PGP Download PGP key