August 29, 2024 at 12:24PM
A non-profit supporting Vietnamese human rights has been targeted by a multi-year cyber espionage campaign attributed to APT32. The group uses various malware delivery methods, including spear-phishing and watering hole attacks. The intrusion resulted in the compromise of several hosts and the theft of sensitive information; the group's targeting focuses on East-Asian countries.
Key takeaways from the meeting notes on Cyber Espionage / Malware:
– A non-profit supporting Vietnamese human rights has been the target of a multi-year cyber espionage campaign by a threat cluster known as APT32, also known as APT-C-00, Canvas Cyclone, Cobalt Kitty, and OceanLotus.
– OceanLotus, active since at least 2012, has a history of targeting company and government networks in East-Asian countries with the goal of cyber espionage and intellectual property theft.
– The group’s attack chains typically use spear-phishing lures to deliver backdoors capable of running arbitrary shellcode and collecting sensitive information. The group also orchestrates watering hole campaigns to infect site visitors with reconnaissance payloads or harvest their credentials.
– The latest set of attacks by APT32 involved four compromised hosts, each with scheduled tasks and Windows Registry keys responsible for launching backdoors and loaders for embedded DLL payloads. The activity included stealing Google Chrome cookies and launching Cobalt Strike Beacons.