APT32

Also known as: OceanLotus Group

Suspected attribution: Vietnam

Target sectors: Foreign companies investing in Vietnam’s manufacturing, consumer products, consulting and hospitality sectors

Overview: Recent activity targeting private interests in Vietnam suggests that APT32 poses a threat to companies doing business, manufacturing or preparing to invest in the country. While the specific motivation for this activity remains opaque, it could ultimately erode the competitive advantage of targeted organizations.

Associated malware: SOUNDBITE, WINDSHIELD, PHOREAL, BEACON, KOMPROGO

Attack vectors: APT32 actors leverage ActiveMime files that employ social engineering methods to entice the victim into enabling macros. Upon execution, the initialized file typically downloads multiple malicious payloads from a remote server. APT32 actors deliver the malicious attachments via spear phishing emails. Evidence has shown that some may have been sent via Gmail.
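For mail-gateway triage of the delivery method described above, the following added example (not part of the original profile, and not tied to any specific APT32 sample) flags e-mail attachments that carry an ActiveMime blob, either raw or base64-embedded in an MHTML-style document. The function names, the constructed sample and the zlib scan used to confirm an embedded OLE2 macro container are assumptions made for illustration.

```python
import base64
import binascii
import re
import zlib
from email import message_from_bytes, policy
from email.message import EmailMessage

MAGIC = b"ActiveMime"                          # header of an ActiveMime (.mso) blob
B64_RUN = re.compile(rb"QWN0aXZlTWltZQ[A-Za-z0-9+/=\r\n]*")  # same header, base64 in MHTML
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # OLE2 container that can hold VBA macros

def has_embedded_ole(blob):
    """Heuristic (assumption): inflate from each 0x78 byte, look for an OLE2 header."""
    for m in re.finditer(b"\x78", blob):
        try:
            if zlib.decompressobj().decompress(blob[m.start():]).startswith(OLE_MAGIC):
                return True
        except zlib.error:
            continue
    return False

def scan_message(raw):
    """Return one finding per ActiveMime blob found in the message's attachments."""
    findings = []
    for part in message_from_bytes(raw, policy=policy.default).walk():
        data = part.get_payload(decode=True)   # None for multipart containers
        if not data:
            continue
        blobs = [data] if data.startswith(MAGIC) else []
        for run in B64_RUN.findall(data):
            run = re.sub(rb"\s+", b"", run).rstrip(b"=")
            try:
                blobs.append(base64.b64decode(run + b"=" * (-len(run) % 4)))
            except binascii.Error:
                continue
        findings += [{"file": part.get_filename(), "ole": has_embedded_ole(b)} for b in blobs]
    return findings

def build_sample():
    """Constructed, inert sample: MHTML-style .doc whose ActiveMime part wraps a bare OLE2 header."""
    mso = MAGIC + b"\x00" * 40 + zlib.compress(OLE_MAGIC + b"\x00" * 64)
    mhtml = (b'MIME-Version: 1.0\r\nContent-Type: multipart/related; boundary="b"\r\n\r\n'
             b"--b\r\nContent-Location: file:///C:/x/editdata.mso\r\n"
             b"Content-Transfer-Encoding: base64\r\n\r\n"
             + base64.encodebytes(mso).replace(b"\n", b"\r\n") + b"--b--\r\n")
    msg = EmailMessage()
    msg.set_content("see attached")
    msg.add_attachment(mhtml, maintype="application", subtype="msword", filename="sample.doc")
    return msg.as_bytes()
```

A finding with `ole` set to true means the blob inflates to an OLE2 container and warrants macro analysis before delivery; the check does not by itself show that the macros are malicious.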
