15 matches found

The Hacker News
added 2024/08/29 4:15 p.m., 18 views

Vietnamese Human Rights Group Targeted in Multi-Year Cyberattack by APT32

A non-profit supporting Vietnamese human rights has been the target of a multi-year campaign designed to deliver a variety of malware on compromised hosts. Cybersecurity company Huntress attributed the activity to a threat cluster tracked as APT32, a Vietnamese-aligned hacking crew that's also...

AI score: 7.1
Exploits: 0

The Hacker News
added 2023/06/10 12:04 p.m., 85 views

New SPECTRALVIPER Backdoor Targeting Vietnamese Public Companies

Vietnamese public companies have been targeted as part of an ongoing campaign that deploys a novel backdoor called SPECTRALVIPER. "SPECTRALVIPER is a heavily obfuscated, previously undisclosed, x64 backdoor that brings PE loading and injection, file upload and download, file and directory...

AI score: 7.2
Exploits: 0

HackRead
added 2020/12/12 3:21 p.m., 46 views

Facebook links activities of OceanLotus hackers to IT firm in Vietnam

By Deeba Ahmed. The social network has barred Vietnamese APT32 and a Bangladeshi group of hackers from using its platforms for their malicious purposes.

AI score: 2.9
Exploits: 0

ThreatPost
added 2020/12/11 5:05 p.m., 35 views

Facebook Shutters Accounts Used in APT32 Cyberattacks

Facebook has shut down several accounts and Pages on its platform, which were used to launch phishing and malware attacks by two cybercriminal groups: APT32 in Vietnam and an unnamed threat group based in Bangladesh. The social-media giant said it has removed both groups’ abili...

AI score: 6.6
Exploits: 0
References: 8

The Hacker News
added 2020/12/11 7:42 a.m., 43 views

Facebook Tracks APT32 OceanLotus Hackers to IT Company in Vietnam

Cybersecurity researchers from Facebook today formally linked the activities of a Vietnamese threat actor to an IT company in the country after the group was caught abusing its platform to hack into people's accounts and distribute malware. Tracked as APT32 or Bismuth, OceanLotus, and Cobalt Kitt...

AI score: 0.5
Exploits: 0

HackRead
added 2020/10/07 5:58 p.m., 25 views

OceanLotus hackers injecting malware in Windows error report

By Waqas. OceanLotus is a Vietnamese APT32 group previously known for targeting Android and Mac devices with malware.

AI score: 3.9
Exploits: 0

ThreatPost
added 2020/10/06 3:00 p.m., 32 views

APT Attack Injects Malware into Windows Error Reporting

A campaign that injects malware into the Windows Error Reporting (WER) service to evade detection is potentially the work of a Vietnamese APT group, researchers said. The attack, discovered on Sept. 17 by researchers at Malwarebytes Threat Intelligence Team, lures its victims with a phishing campai...

AI score: 7.2
Exploits: 0
References: 10

Kitploit
added 2020/10/01 8:30 p.m., 321 views

Powerglot - Encodes Offensive PowerShell Scripts Using Polyglots

Powerglot encodes several kinds of scripts using polyglots, for example, offensive PowerShell scripts. A loader is not needed to run the payload. In red-team exercises or offensive tasks, masking of payloads is usually done by using steganography, especially to avoid network level protections,...

AI score: 7.5
Exploits: 0
References: 1

FireEye
added 2020/04/22 12:00 a.m., 28 views

Vietnamese Threat Actors APT32 Targeting Wuhan Government and Chinese Ministry of Emergency Management in Latest Example of COVID-19 Related Espionage

From at least January to April 2020, suspected Vietnamese actors APT32 carried out intrusion campaigns against Chinese targets that Mandiant Threat Intelligence believes was designed to collect intelligence on the COVID-19 crisis. Spear phishing messages were sent by the actor to China's Ministry...

AI score: 0.3
Exploits: 0
References: 3

ThreatPost
added 2019/04/03 2:44 p.m., 69 views

OceanLotus APT Uses Steganography to Shroud Payloads

The advanced persistent threat (APT) group OceanLotus has switched up its tactics to use steganography to cloak encrypted payloads within .png image files. Researchers said that they discovered the OceanLotus APT group – a Vietnam-linked cyber-espionage group also known as APT32 – using the tactic ...

AI score: 7.3
Exploits: 0
References: 6

FireEye
added 2018/07/10 12:00 p.m., 3863 views

Malicious PowerShell Detection via Machine Learning

Introduction Cyber security vendors and researchers have reported for years how PowerShell is being used by cyber threat actors to install backdoors, execute malicious code, and otherwise achieve their objectives within enterprises. Security is a cat-and-mouse game between adversaries, researcher...

CVSS: 5
AI score: 8
EPSS: 0.94439
Exploits: 45

FireEye
added 2017/06/30 7:00 p.m., 21 views

Obfuscation in the Wild: Targeted Attackers Lead the Way in Evasion Techniques

Throughout 2017 we have observed a marked increase in the use of command line evasion and obfuscation by a range of targeted attackers. Cyber espionage groups and financial threat actors continue to adopt the latest cutting-edge application whitelisting bypass techniques and introduce innovative...

AI score: 7.2
Exploits: 0

FireEye
added 2017/06/30 7:00 p.m., 17 views

Obfuscation in the Wild: Targeted Attackers Lead the Way in Evasion Techniques

Throughout 2017 we have observed a marked increase in the use of command line evasion and obfuscation by a range of targeted attackers. Cyber espionage groups and financial threat actors continue to adopt the latest cutting-edge application whitelisting bypass techniques and introduce innovative...

AI score: 0.7
Exploits: 0

FireEye
added 2017/05/14 6:00 p.m., 387 views

Cyber Espionage is Alive and Well: APT32 and the Threat to Global Corporations

Cyber espionage actors, now designated by FireEye as APT32 (OceanLotus Group), are carrying out intrusions into private sector companies across multiple industries and have also targeted foreign governments, dissidents, and journalists. FireEye assesses that APT32 leverages a unique suite of...

CVSS: 7.2
AI score: 8.2
EPSS: 0.89561
Exploits: 24

FireEye
added 2017/05/14 6:00 p.m., 366 views

Cyber Espionage is Alive and Well: APT32 and the Threat to Global Corporations

Cyber espionage actors, now designated by FireEye as APT32 (OceanLotus Group), are carrying out intrusions into private sector companies across multiple industries and have also targeted foreign governments, dissidents, and journalists. FireEye assesses that APT32 leverages a unique suite of...

CVSS: 7.2
AI score: 8.4
EPSS: 0.89561
Exploits: 24