Vietnamese Human Rights Group Targeted in Lengthy Cyberattack by APT32
A non-profit organization advocating Vietnamese human rights has become the focus of a prolonged campaign aimed at deploying various types of malware on compromised devices.
The cybersecurity firm Huntress has attributed this activity to a threat group tracked as APT32, a Vietnam-aligned actor also known as APT-C-00, Canvas Cyclone (previously Bismuth), Cobalt Kitty, and OceanLotus. The intrusion is estimated to have persisted for at least four years.
According to security analysts Jai Minton and Craig Sweeney, “This infiltration shares numerous similarities with known methods employed by the threat actor APT32/OceanLotus and a familiar target audience consistent with APT32/OceanLotus’s victims.” (source)
OceanLotus, which has been active since at least 2012, has a record of targeting corporate and governmental networks in East Asian nations, especially Vietnam, the Philippines, Laos, and Cambodia, with the ultimate aim of cyber espionage and stealing intellectual property.
Attack chains typically use tailored phishing lures as the initial entry point to deliver backdoors capable of executing arbitrary shellcode and harvesting sensitive data. The group has also been observed running watering hole campaigns since at least 2018 to infect website visitors with reconnaissance payloads or steal their login credentials.
The most recent series of attacks identified by Huntress targeted four devices, each of which was compromised to include various scheduled tasks and Windows Registry keys responsible for initiating Cobalt Strike Beacons – a backdoor permitting the theft of Google Chrome cookies from all user profiles on the system – and loaders to launch embedded DLL payloads.
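A defender-side triage script for the two persistence locations the report names, scheduled tasks and Registry Run keys, added here as an example; it is not Huntress's tooling or code from the article, and the loader and writable-path patterns are assumptions to tune per environment.

```powershell
# Added triage example (not from the article): list scheduled-task actions and Run-key
# values that launch a DLL through a common loader or execute from a user-writable path.
# Pattern lists are assumptions; extend them for the environment being examined.

$LoaderPattern   = '(?i)\b(rundll32|regsvr32|mshta|wscript|cscript|powershell)(\.exe)?\b'
$WritablePattern = '(?i)\\(AppData|ProgramData|Temp|Users\\Public|Downloads)\\'

function Test-SuspiciousCommand {
    param([string]$Command)
    if ([string]::IsNullOrWhiteSpace($Command)) { return $false }
    return ($Command -match $LoaderPattern) -or ($Command -match $WritablePattern)
}

# Scheduled tasks: combine each action's executable and arguments, skipping Microsoft's own tasks
$taskHits = Get-ScheduledTask | Where-Object { $_.TaskPath -notlike '\Microsoft\*' } | ForEach-Object {
    $task = $_
    foreach ($action in $task.Actions) {
        $cmd = "$($action.Execute) $($action.Arguments)".Trim()
        if (Test-SuspiciousCommand $cmd) {
            [pscustomobject]@{ Source = 'ScheduledTask'; Name = "$($task.TaskPath)$($task.TaskName)"; Command = $cmd }
        }
    }
}

# Run/RunOnce keys for the machine plus every currently loaded user hive under HKEY_USERS
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$runKeys += Get-ChildItem 'Registry::HKEY_USERS' | ForEach-Object {
    "Registry::$($_.Name)\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
}
$regHits = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip the provider's own PSPath/PSDrive metadata
        if (Test-SuspiciousCommand ([string]$p.Value)) {
            [pscustomobject]@{ Source = 'RegistryRun'; Name = "$key\$($p.Name)"; Command = $p.Value }
        }
    }
}

@($taskHits) + @($regHits) | Where-Object { $_ } | Format-Table -AutoSize
```

Run it in an elevated session so HKLM and all loaded user hives are readable; profiles that are not currently logged in must be loaded separately before their Run keys appear under HKEY_USERS.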
These developments coincide with an ongoing operation