Some other state-backed threat actors, most notably North Korean groups, have made the transition to start carrying out cyber-crime attacks instead of only intelligence gathering. Carrying out cyber-crime attacks such as these allow the group to disguise some of their attacks and make it harder for analysts to track the group. An alternate theory for why government-backed threat groups would choose to mine Monero cryptocurrency is that Monero allows the threat actors to pay for leased server infrastructure anonymously, making it harder for investigators to trace. Another reason some groups have made the shift for revenue-generating attacks is because many of them work on behalf of their host country, which gives them a sense of immunity from prosecution. And since many of the countries do not have extradition treaties with the United States, there is no way to stop the expansion of cyber-crime in these countries. To prevent attacks like these, defenders should have monitoring in place such as Binary Defense’s Managed Detection and Response to identify and prevent these attacks. Anyone using a personal computer should have anti-virus installed on their machine to identify these attacks or other cryptocurrency mining malware.

More can be read here: https://www.zdnet.com/article/microsoft-links-vietnamese-state-hackers-to-crypto-mining-malware-campaign/