Vietnamese hackers spent years harassing human rights activists with spyware

For the past several years a Vietnamese hacking group best known for its attacks on the auto sector has been targeting activists and non-governmental organizations with spyware, according to an Amnesty International investigation published Wednesday. The suspected government-linked hackers, known as OceanLotus or APT32, specifically targeted pro-democracy activist Bui Thanh Hieu, who writes about human rights and economic justice, with spyware on four occasions between February 2018 and December 2019, according to the investigation. The same group launched spyware against a blogger, who has written on a violent police clash in Vietnam in 2009, three times between July and November of last year. Bui Thanh Hieu has been exiled in Germany since 2013. Amnesty did not identify the blogger out of concern for their safety. The hackers also went after the Vietnamese Overseas Initiative for Conscience Empowerment (VOICE), which works on behalf of Vietnamese refugees resettling, in April of 2020. […]

The post Vietnamese hackers spent years harassing human rights activists with spyware appeared first on CyberScoop.


Facebook links activities of OceanLotus hackers to IT firm in Vietnam

By Deeba Ahmed
The social network has barred Vietnamese APT32 and a Bangladeshi group of hackers from using its platforms for their malicious purposes.
This is a post from HackRead.com.

Facebook says it disrupted cyber-espionage in Vietnam, Bangladesh

Facebook says it has uncovered plots by two hacking campaigns to “abuse our platform, distribute malware and hack people’s accounts,” one originating in Vietnam, the other in Bangladesh. In a blog post late Thursday, two cybersecurity officials from the social media giant pinned the Vietnam-based activity on APT32, the advanced persistent threat group also known as Ocean Lotus. In Bangladesh, the perpetrators appear to be two largely unknown “non-profit” groups, Facebook says. “The operation from Vietnam focused primarily on spreading malware to its targets, whereas the operation from Bangladesh focused on compromising accounts across platforms and coordinating reporting to get targeted accounts and Pages removed from Facebook,” wrote Nathaniel Gleicher, the company’s head of security policy and Mike Dvilyanski, its cyberthreat intelligence manager. APT32’s efforts involved a Vietnamese IT company, the researchers said, making it the latest example of hacking groups using corporate disguises. In early November, cybersecurity company Volexity […]

The post Facebook says it disrupted cyber-espionage in Vietnam, Bangladesh appeared first on CyberScoop.


Cryptocurrency miners were ‘distraction technique’ in APT’s espionage campaigns, Microsoft says

Sometimes a sneaky Monero miner is more than just a sign of a crook. Cyber-espionage campaigns this summer in France and Vietnam deployed cryptocurrency mining software on victims’ networks to help draw attention away from the hackers’ spying tools, Microsoft says in a new report. The company’s threat intelligence unit has pinned the activity on an advanced persistent threat (APT) group it calls Bismuth, more commonly known as APT32 or OceanLotus. “Recent campaigns from the nation-state actor BISMUTH take advantage of the low-priority alerts coin miners cause to try and fly under the radar and establish persistence,” the researchers say in a report released Monday. In this case, the coin miners collected Monero, a cryptocurrency with a reputation for being harder to trace than other digital coins. The hacking group — which other cybersecurity researchers have linked to the Vietnamese government — has been developing new techniques to break into […]

The post Cryptocurrency miners were ‘distraction technique’ in APT’s espionage campaigns, Microsoft says appeared first on CyberScoop.


MacOS backdoor appears to be update of tool previously used by Vietnam-linked group

The hacking group known as APT32 or OceanLotus appears to have a new version of a tool used to infiltrate MacOS computers, according to researchers with cybersecurity company Trend Micro. The malicious software arrives as a .zip file that tries to disguise itself with a Microsoft Word icon, and it is engineered to evade detection by antivirus software, Trend Micro says. Once activated, the malware serves as a backdoor for other payloads that can exfiltrate data from an infected machine. It’s the latest sign of expanded or upgraded tactics from APT32, which is known for espionage campaigns that target Southeast Asia. Recent discoveries attributed to the group include efforts to use imitation news sites to spy on users and sometimes infect their machines with malware, and using the Google Play Store to distribute apps surreptitiously loaded with spyware. In this case, the MacOS backdoor appears to be aimed at computers in Vietnam itself. “The […]

The post MacOS backdoor appears to be update of tool previously used by Vietnam-linked group appeared first on CyberScoop.


Vietnamese hacking group OceanLotus uses imitation news sites to spread malware

Suspected Vietnamese government-linked hackers are behind a series of fake news websites and Facebook pages meant to target victims with malicious software, according to Volexity research published Friday. The hackers, known as OceanLotus or APT32, historically have targeted companies that have business interests in Vietnam. In this case, the fake sites and Facebook pages, which were set up within the last year, were intended for targets in Vietnam and across Southeast Asia, according to Volexity researchers. The attackers appear to have dual aims in their campaign — first, to gather information about the visitors to the fake media sites through a web profiling framework. They also occasionally target victims with malware meant to log targets’ keystrokes. Earlier this year, Kaspersky researchers revealed the hackers have been using the Google Play Store to disperse malware, suggesting both domestic and foreign intelligence collection requirements. This April, when the coronavirus was spreading around the world, the same group began sending malware to […]

The post Vietnamese hacking group OceanLotus uses imitation news sites to spread malware appeared first on CyberScoop.


APT Attack Injects Malware into Windows Error Reporting

The fileless attack uses a phishing campaign that lures victims with information about a worker’s compensation claim.