Vietnamese Hackers Attack Dissidents And Private Sector Targets

Vietnamese state-supported hackers “Ocean Lotus” (APT32) have reportedly targeted journalists, human rights activists, and freedom of speech advocates from 2018-2020.

Amnesty International’s Security Lab disclosed the group used spyware and mining malware against an activist residing in Germany and an NGO in the Philippines. 

Vietnamese writer and activist Bui Thanh Hieu who is now based in Berlin said that there were repeated attempts to have Facebook disable his account which was used to publish his blog. 

Another target was Vietnamese NGO (VOICE – Vietnamese Overseas Initiative for Conscience Empowerment), which is based in the Philippines.

VOICE  staff members and volunteers have been targeted with phishing emails.

The staff and volunteers have also been repeatedly harassed, banned from travelling, and had passports confiscated when they returned home to Vietnam. 

Ocean Lotus reportedly utilized Cobalt Strike beacons to breach Windows systems while they used a backdoor identified by TrendMicro on victims who used Macs. 

The spyware payloads were delivered using emails containing malicious files or links to compromised websites. 

“These latest attacks by Ocean Lotus highlight `the repression Vietnamese activists at home and abroad face for standing up for human rights. This unlawful surveillance violates the right to privacy and stifles freedom of expression,” said Likhita Banerji a researcher at Amnesty Tech.

Amnesty International also said in their report, Let Us Breathe on how Facebook and Google cooperating with the Vietnamese censorship program. 

Ocean Lotus has not been acknowledged by the Vietnamese government but cybersecurity firm FireEye and the Electronic Frontier Foundation (EFF)  reported last year that the group was operating out of Vietnam.

© Fourth Estate® — All Rights Reserved.
This material may not be published, broadcast, rewritten or redistributed.