G0050
G0050APT32
Description
[APT32](https://attack.mitre.org/groups/G0050) is a suspected Vietnam-based threat group that has been active since at least 2014. The group has targeted multiple private sector industries as well as foreign governments, dissidents, and journalists with a strong focus on Southeast Asian countries like Vietnam, the Philippines, Laos, and Cambodia. They have extensively used strategic web compromises to compromise victims.(Citation: FireEye APT32 May 2017)(Citation: Volexity OceanLotus Nov 2017)(Citation: ESET OceanLotus)
References
- https://attack.mitre.org/groups/G0050
- https://www.amnestyusa.org/wp-content/uploads/2021/02/Click-and-Bait_Vietnamese-Human-Rights-Defenders-Targeted-with-Spyware-Attacks.pdf
- https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.html
- https://www.cybereason.com/blog/operation-cobalt-kitty-apt
- https://www.welivesecurity.com/2019/03/20/fake-or-fake-keeping-up-with-oceanlotus-decoys/
- https://www.welivesecurity.com/2018/03/13/oceanlotus-ships-new-backdoor/
- https://www.volexity.com/blog/2017/11/06/oceanlotus-blossoms-mass-digital-surveillance-and-exploitation-of-asean-nations-the-media-human-rights-and-civil-society/
Software attributed to this4
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Software | Deniss0354 | 100% | live |
| Software | Goopys0477 | 100% | live |
| Software | KOMPROGOs0156 | 100% | live |
| Software | OSX_OCEANLOTUS.Ds0352 | 100% | live |
Related by meaning· 6
Nearest entities by semantic similarity across the cs-graph corpus.