Nation-State Actor

APT32 (OceanLotus)

Vietnam • Active since 2014

APT32 is Vietnam's hacking team that spies on foreign companies doing business in Vietnam and Vietnamese activists abroad. They use clever tricks like fake job offers and hacked websites to infect their targets.

Overview

APT32 is a Vietnamese state-sponsored threat group that targets foreign corporations, dissidents, and journalists. They are known for targeting companies with business interests in Vietnam and Vietnamese diaspora activists.

Also Known As

OceanLotus, SeaLotus, APT-C-00, Canvas Cyclone

Target Industries

Manufacturing, Consumer Products, Hospitality, Media, Automotive

Target Regions

Vietnam, Southeast Asia, United States, Germany

Tactics, Techniques & Procedures

  • Watering hole attacks
  • Spear-phishing with macros
  • Social media luring
  • Strategic web compromise
  • Steganography

Known Tools & Malware

METALJACK, SOUNDBITE, WINDSHIELD, KOMPROGO, PHOREAL

Notable Campaigns

Automotive Industry Targeting (2019)

Targeted automotive manufacturers with operations in Vietnam.

COVID-19 Research Theft (2020)

Targeted Chinese organizations during the early COVID-19 pandemic.

MITRE ATT&CK Techniques

T1189, T1566.001, T1204.002, T1027.003, T1059.005

Defense Recommendations

  1. Assess Vietnam-related business exposure
  2. Block macro execution in Office documents
  3. Monitor for steganography indicators
