archive

OceanLotus

  1. OceanLotus: Extending Cyber Espionage Operations Through Fake Websites

    Since Volexity’s 2017 discovery that OceanLotus was behind a sophisticated massive digital surveillance campaign, the threat group has continued to evolve. In 2019, Volexity gave a presentation at RSA Conference that provided a historic and up-to-date look at various operations of the Vietnamese threat actor OceanLotus. Notably, the presentation revealed that, for years, OceanLotus set up and operated multiple activist, news, and anti-corruption websites. At first glance, it appeared these were real websites that had been compromised. These fake websites were convincingly legitimate and allowed OceanLotus to have full control over the tracking of and attacks against website visitors. The most popular of these websites even had a corresponding Facebook page with over 20,000 followers. Shortly after the presentation was given, these websites were shut down or abandoned. However, old habits and successful techniques die hard. Volexity has identified multiple new attack campaigns being launched by OceanLotus via multiple fake […]

  2. OceanLotus Blossoms: Mass Digital Surveillance and Attacks Targeting ASEAN, Asian Nations, the Media, Human Rights Groups, and Civil Society

    In May 2017, Volexity identified and started tracking a very sophisticated and extremely widespread mass digital surveillance and attack campaign targeting several Asian nations, the ASEAN organization, and hundreds of individuals and organizations tied to media, human rights and civil society causes. These attacks are being conducted through numerous strategically compromised websites and have occurred over several high-profile ASEAN summits. Volexity has tied this attack campaign to an advanced persistent threat (APT) group first identified as OceanLotus by SkyEye Labs in 2015. OceanLotus, also known as APT32, is believed to be a Vietnam-based APT group that has become increasingly sophisticated in its attack tactics, techniques, and procedures (TTPs). Volexity works closely with several human rights and civil society organizations. A few of these organizations have specifically been targeted by OceanLotus since early 2015. As a result, Volexity has been able to directly observe and investigate various attack campaigns. This report […]