A new threat actor, tracked as “Vivin,” is found conducting a long-term cryptomining campaign. The group is responsible for mining thousands of U.S. dollars in Monero cryptocurrency off of their infected hosts.This actor used pirated software as an initial infection vector, masquerading their malware as popular software. Once the initial infection was completed “Vivin” quickly moved to common Windows tools. This actor has been successful pivoting their infrastructure and wallets as needed to maintain effectiveness. Vivin set their miners to utilize up to 80 percent of a system’s CPU resources.