Blog | G5 Cyber Security

Cyberespionage APT group hides behind cryptomining campaigns

An advanced threat group called Bismuth recently used cryptocurrency mining to hide the purpose of its activity and to avoid triggering high-priority alerts. The actor has been running cyberespionage operations since at least 2012, Microsoft says. In recent campaigns, the hackers launched Monero coin miners on compromised systems belonging to private and government organizations in France and Vietnam. Microsoft says the hackers studied victims before sending spear-phishing emails crafted for a specific recipient to obtain initial access. The hackers also used DLL side-loading, a widely used technique that takes advantage of how Windows applications handle DLL files to load a malicious DLL that spoofs a legitimate one.

Source: https://www.bleepingcomputer.com/news/security/cyberespionage-apt-group-hides-behind-cryptomining-campaigns/
