APT32 is a Vietnam-based threat group that has targeted journalists, dissidents, large private enterprises, and government organizations in Southeast Asia. Founded in 2014, APT32 is also known as the OceanLotus Group. APT32’s targets are generally within Vietnam, the Philippines, Cambodia, and Laos. APT32 has also been called OceanLotus Group. It seems that most APT32 operations align with Vietnamese state interests, so the question of Vietnam nation-state sponsorship remains open and subject to additional research.
Cybersecurity researchers estimate that APT32 utilizes a custom suite of malware tools, augmented by commercially available devices, often typically found while “living off the land” inside targeted networks. They target foreign corporations in manufacturing, hospitality (hotels), and consumer products. These are all very significant commercial sectors within Vietnam. APT32 threat actors have also been opportunistically targeting network security and technology corporations.
Per FireEye, here are several breaches which have been attributed to APT32:
- A European corporation was targeted and compromised in 2014—they were involved in building manufacturing facilities within Vietnam.
- Multiple Vietnamese and foreign corporations involved with network security, technology infrastructure, media, and banking were all targeted and compromised in 2016.
- It also appears that in 2016 a large hospitality industry company was targeted and compromised—as this firm was expanding operations into Vietnam.
- More recently, U.S. and Philippine consumer products corporations with Vietnamese operations were the target of APT32 spyware and data exfiltration activities.
Dissidents and journalists have long been within the bullseye for APT32. APT32 conducted spyware attacks on Vietnam-based and non-profit human rights organizations. APT32 seemed to effortlessly penetrate these targets, use their malicious tools, and then monitor the targeted victims on an ongoing basis. The Electronic Frontier Foundation also appeared to be a victim of APT32 clandestine data collection activity.
Want to learn more? Check out our FREE Bugcrowd University to sharpen your hacking skills.
Organizations the world over need your help! Join our researcher community to connect with hundreds of organization programs focused on finding their security vulnerabilities. Our vast directory includes programs for all skill levels across many industries and from around the world.
Get started with Bugcrowd
Hackers aren’t waiting, so why should you? See how Bugcrowd can quickly improve your security posture.