News APT32 has been attacking Vietnamese human rights activists with spyware for years


Tasken

The attacks are part of an ongoing campaign aimed at spying on Vietnamese human rights activists, bloggers and non-profit organizations.

The Vietnamese hacker group APT32 (also known as OceanLotus and SeaLotus) organized a series of spyware attacks targeting Vietnamese human rights defenders between February 2018 and November 2020. The attackers also attacked a non-profit human rights organization from Vietnam, according to experts from the human rights organization Amnesty International.

The spyware used by the APT32 hackers allowed them to read and write documents on compromised systems, run malicious tools and programs, and track the actions of their victims.

According to experts, the attacks are part of an ongoing campaign aimed at spying on Vietnamese human rights activists, bloggers and non-profit organizations (both inside and outside Vietnam).

All attacks were carried out by sending emails purporting to contain an important document with a link to download the file. The attackers sent the victims emails containing spyware, and the payload was installed on Windows computers using the Kerrdown loader. The attackers downloaded and deployed Cobalt Strike beacons to gain permanent remote access to the compromised systems.

In the case of Mac users, the APT32 operators used a macOS backdoor discovered as part of previous attacks on Vietnamese targets. The malware is designed to allow attackers to upload, download, and execute arbitrary commands.