Understanding Attacks Linked to APT32

To know more about it, you can go through my detailed document by clicking here
Overview

APT32, also known as OceanLotus, is a Vietnamese hacker group known for targeting political dissidents, government officials, and businesses linked with Vietnam. It reportedly attacked China's Ministry of Emergency Management and the Wuhan municipal government in 2020 to obtain information about the Covid-19 pandemic.

APT32 also spreads malware through the Google Play Store, fake news websites, and Facebook pages, and launches spyware attacks on Vietnamese human rights activists.

APT32 Targets in Private Companies

  • A European corporation was attacked in 2014, before it built a manufacturing facility in Vietnam.

  • Vietnamese and foreign companies in network security, technology infrastructure, banking, media, and other sectors were compromised in 2016.

  • The networks of a global hospitality industry developer (partnering with Vietnam) were attacked in mid-2016.

  • Two subsidiaries of U.S. and Philippine consumer products companies were attacked between 2016 and 2017.

APT32 Attacks on the Government Sector

  • Journalists, dissidents, activists, and bloggers have always been common targets of APT32 operations.

  • A security research division of the Chinese firm Qihoo 360 was attacked by APT32 in 2015.

  • Two other Vietnamese media outlets were also attacked with APT32 malware between 2015 and 2016.

  • Members of the Vietnam diaspora in Australia and government officials in the Philippines were also targeted by APT32 in 2017.

APT32 Attack Tactics

APT32 attacks its targets stealthily:

  • It may use a privilege escalation exploit masquerading as a Windows hotfix.

  • In one investigation, APT32 deployed its malware as a software deployment task, with every system pulling its payload from the same server.

  • It may also use hidden or non-printing characters to visually camouflage its malware on a system.
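As an added example (not code from the original post), the following Python script shows one way a defender can check for the camouflage technique in the last bullet: it scans a list of constructed file names for zero-width, bidirectional-override and other non-printing characters, and for long runs of spaces that push the real extension out of view. Applying the check to file names, and the space-run threshold, are assumptions.

```python
import unicodedata

# Constructed sample names (not from the original post): one benign, one with a
# right-to-left override that flips how the extension is displayed, one with a
# zero-width space inserted into the extension, one padded with many spaces so
# the real extension scrolls out of view in a narrow file listing.
SAMPLE_NAMES = [
    "quarterly-report.docx",
    "invoice\u202efdp.exe",
    "hotfix.p\u200bdf",
    "minutes.pdf" + " " * 40 + ".scr",
]

# Unicode general categories that should never appear in a legitimate file name:
# Cc = control, Cf = format (zero-width and bidi overrides), Co = private use,
# Cn = unassigned.
HIDDEN_CATEGORIES = {"Cc", "Cf", "Co", "Cn"}

# Longest run of spaces tolerated before the padding is treated as camouflage
# (assumed threshold).
MAX_SPACE_RUN = 8

def find_hidden_chars(name):
    """Return (index, 'U+XXXX', unicode name) for each hidden or non-printing character."""
    findings = []
    for i, ch in enumerate(name):
        cat = unicodedata.category(ch)
        # Non-ASCII space separators (e.g. U+3000) render as blanks but are not spaces.
        if cat in HIDDEN_CATEGORIES or (cat == "Zs" and ch != " "):
            findings.append((i, f"U+{ord(ch):04X}", unicodedata.name(ch, "UNNAMED")))
    return findings

def longest_space_run(name):
    """Length of the longest run of consecutive ASCII spaces in the name."""
    longest = run = 0
    for ch in name:
        run = run + 1 if ch == " " else 0
        longest = max(longest, run)
    return longest

def assess_name(name):
    """Return human-readable reasons the name looks camouflaged (empty list if clean)."""
    reasons = [f"hidden char {cp} ({desc}) at index {i}" for i, cp, desc in find_hidden_chars(name)]
    if longest_space_run(name) > MAX_SPACE_RUN:
        reasons.append(f"{longest_space_run(name)} consecutive spaces before '{name.rsplit(' ', 1)[-1]}'")
    return reasons

def scan_names(names):
    """Map each suspicious name (repr-escaped so hidden characters become visible) to its reasons."""
    return {repr(n): assess_name(n) for n in names if assess_name(n)}

if __name__ == "__main__":
    for shown, reasons in scan_names(SAMPLE_NAMES).items():
        print(shown, "->", "; ".join(reasons))
```

The same functions can be run over names collected from a directory walk or from process-creation and file-creation logs, where a hit on an executable is worth a closer look.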
