APT 32

Overview

APT 32 is also known as Ocean Lotus, APT-C-00, SeaLotus, and Cobalt Kitty. It is a suspected Vietnamese hacker group, active since 2014. It generally targets entities considered hostile to Vietnamese nationalist interests.

Hence, APT 32 targets foreign companies doing business with Vietnam, critics of the Vietnamese government, local and expatriate Vietnamese human rights activists, and rival Southeast Asian governments, especially the Philippines and Cambodia. Its attacks often coincide with important contract and legal negotiations between foreign companies and the Vietnamese government.

How Does It Work?

APT32 uses a distinctive, fully featured, if less sophisticated, malware collection alongside commercially available tools. Its operations start with highly customized spear-phishing campaigns carrying malicious file attachments. These attachments are laced with custom spyware toolkits that can infect and steal information from macOS, Android, and Windows devices.

METALJACK, Denis (or DenisRAT), Kerrdown, Windshield, Komprogo, and Soundbite are some of the malware strains exclusive to, or closely associated with, APT 32.

Tactics, Techniques, and Procedures

  • They compromise the websites of their targets to collect information about them and to track their user base.

  • They use custom macOS malware delivered with the double-extension technique, or malicious Office macros written in the Perl programming language.

  • They use the Facebook social network to spread malware through social engineering attacks.

  • Cobalt Strike, a legitimate penetration testing tool, is used as command-and-control (C2) spyware.

Prevention

Vigilant awareness of social engineering attacks that prompt the victim to open files from an untrusted source is the most effective way to prevent an APT32 attack. Organizations engaged with the Vietnamese government should be especially careful about any documents or links posted in public social networking forums.

Hence, user awareness training that educates internal staff in proper procedures for assessing and handling documents, combined with a full-fledged Defense-in-Depth cybersecurity program, is the best way to prevent a successful APT32 attack.
