OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt Attack
The Vietnam-aligned threat actor known as OceanLotus has been attributed to two distinct campaigns that targeted domestic entities and stock investors with a backdoor known as SPECTRALVIPER. The campaigns involve a prolonged cyber espionage operation aimed at a Vietnamese infrastructure and...
OceanLotus suspected of using PyPI to deliver ZiChatBot malware
Through our daily threat hunting, we noticed that, beginning in July 2025, a series of malicious wheel packages were uploaded to PyPI (the Python Package Index). We shared this information with the public security community, and the malware was removed from the repository. We submitted...
APT trends report Q3 2024
Kaspersky's Global Research and Analysis Team (GReAT) has been releasing quarterly summaries of advanced persistent threat (APT) activity for over seven years now. Based on our threat intelligence research, these summaries offer a representative overview of what we've published and discussed in more...
Vietnamese Human Rights Group Targeted in Multi-Year Cyberattack by APT32
A non-profit supporting Vietnamese human rights has been the target of a multi-year campaign designed to deliver a variety of malware on compromised hosts. Cybersecurity company Huntress attributed the activity to a threat cluster tracked as APT32, a Vietnamese-aligned hacking crew that's also...
New APT Group 'Lotus Bane' Behind Recent Attacks on Vietnam's Financial Entities
A financial entity in Vietnam was the target of a previously undocumented threat actor called Lotus Bane as part of a cyber attack that was first detected in March 2023. Singapore-headquartered Group-IB described the hacking outfit as an advanced persistent threat group that's believed to have be...
Iranian Company Cloudzy Accused of Aiding Cybercriminals and Nation-State Hackers
Services offered by an obscure Iranian company known as Cloudzy are being leveraged by multiple threat actors, including cybercrime groups and nation-state crews. "Although Cloudzy is incorporated in the United States, it almost certainly operates out of Tehran, Iran – in possible violation of U....
Facebook links activities of OceanLotus hackers to IT firm in Vietnam
By Deeba Ahmed. The social network has barred Vietnamese APT32 and a Bangladeshi group of hackers from using its platforms for their malicious purposes.
Facebook Tracks APT32 OceanLotus Hackers to IT Company in Vietnam
Cybersecurity researchers from Facebook today formally linked the activities of a Vietnamese threat actor to an IT company in the country after the group was caught abusing its platform to hack into people's accounts and distribute malware. Tracked as APT32 or Bismuth, OceanLotus, and Cobalt Kitt...
OceanLotus hackers hit macOS users with new malware
By Sudais Asif. For now, researchers believe that the malware is targeting Vietnamese users; however, it is about time it hits macOS users around the world.
MacOS Users Targeted By OceanLotus Backdoor
A macOS backdoor variant has been uncovered that relies on multi-stage payloads and various updated anti-detection techniques. Researchers linked it to the OceanLotus advanced persistent threat (APT) group. The Vietnam-backed OceanLotus (also known as APT 32) has been around since at least 2013, and...
OceanLotus hackers injecting malware in Windows error report
By Waqas. OceanLotus is a Vietnamese APT32 group previously known for targeting Android and Mac devices with malware.
News Wrap: Microsoft Sway Phish, Malicious GIF and Spyware Attacks
Threatpost editors Tom Spring, Tara Seals and Lindsey O’Donnell-Welch talk about the biggest news stories of the week ended May 1, including: A “PhantomLance” espionage campaign discovered targeting specific Android victims, mainly in Southeast Asia — which could be the work of the OceanLotus APT...
Sophisticated Android Spyware Attack Spreads via Google Play
A sophisticated, ongoing espionage campaign aimed at Android users in Asia is likely the work of the OceanLotus advanced persistent threat (APT) actor, researchers said this week. Dubbed PhantomLance by Kaspersky, the campaign is centered around a complex spyware that’s distributed via dozens of ap...
OceanLotus APT Uses Steganography to Shroud Payloads
The advanced persistent threat (APT) group OceanLotus has switched up its tactics to use steganography to cloak encrypted payloads within .png image files. Researchers said that they discovered the OceanLotus APT group – a Vietnam-linked cyber-espionage group also known as APT32 – using the tactic ...
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of April 23, 2018
I was having dinner with friends recently and one of the newer members of the group asked me what I did for a living. I told him that I worked for a cybersecurity company and his reply was, “I don’t need to worry about security – I have a MacBook.” I thought that at any second, Rod Serling was...
Interesting disguise employed by new Mac malware HiddenLotus
On November 30, Apple silently added a signature to the macOS XProtect anti-malware system for something called OSX.HiddenLotus.A. It was a mystery what HiddenLotus was until, later that same day, Arnaud Abbati found the sample and shared it with other security researchers on Twitter. The...