OceanLotus

{{Short description|Vietnam-based cyber espionage group}}

OceanLotus, also named APT32, BISMUTH, Ocean Buffalo by CrowdStrike, or Canvas Cyclone by Microsoft,{{cite web |title=How Microsoft names threat actors |url=https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming |publisher=Microsoft |access-date=21 January 2024}} is a hacker group allegedly associated with the government of Vietnam. The founding member is identified as [https://e.vnexpress.net/news/business/hacker-claims-30-million-vietnamese-people-s-school-records-on-sale-4486994.html meli0das].{{cite web |last1=Panda |first1=Ankit |title=Offensive Cyber Capabilities and Public Health Intelligence: Vietnam, APT32, and COVID-19 |url=https://thediplomat.com/2020/04/offensive-cyber-capabilities-and-public-health-intelligence-vietnam-apt32-and-covid-19/ |website=Thediplomat.com |access-date=29 April 2020}}{{cite news |title=Lined up in the sights of Vietnamese hackers |url=https://web.br.de/interaktiv/ocean-lotus/en/ |first=Hakan |last=Tanriverdi |first2=Max |last2=Zierer |first3=Ann-Kathrin |last3=Wetter |first4=Kai |last4=Biermann |first5=Thi Do |last5=Nguyen |publisher=Bayerischer Rundfunk |date=October 8, 2020 |editor-first=Verena |editor-last=Nierle |editor-first2=Robert |editor-last2=Schöffel |editor-first3=Lisa |editor-last3=Wreschniok |quote=In Bui’s case the traces lead to a group presumably acting on behalf of the Vietnamese state. Experts have many names for this group: APT 32 and Ocean Lotus are best known. 
In conversations with a dozen of information security specialists, they all agreed that this is a Vietnamese group spying, in particular, on its own compatriots.}}{{cite web |last1=Hay Newman |first1=Lily |title=An Up-Close View of the Notorious APT32 Hacking Group in Action |url=https://www.wired.com/2017/05/close-look-notorious-apt32-hacking-group-action/ |website=Wired.com |access-date=7 November 2020}}{{cite web|title=Vietnamese APT32 group is one of the most advanced APTs in the threat landscape |url=https://www.cyberdefensemagazine.com/vietnamese-apt32-group-is-one-of-the-most-advanced-apts-in-the-threat-landscape-2/ |website=Cyberdefensemagazine.com |access-date=7 November 2020}} It has been accused of cyberespionage targeting political dissidents, government officials, and businesses with ties to Vietnam.{{Cite news|last1=Stubbs|first1=Jack|last2=Pearson|first2=James|date=2020-12-11|title=Facebook tracks 'OceanLotus' hackers to IT firm in Vietnam|language=en|website=Reuters.com|url=https://www.reuters.com/article/facebook-vietnam-cyber-idCAKBN28L03Y|access-date=2021-03-02}}

History

In April 2020, Bloomberg reported that OceanLotus had targeted China's Ministry of Emergency Management and the Wuhan municipal government in order to obtain information about the COVID-19 pandemic. The Vietnamese Ministry of Foreign Affairs called the accusations unfounded.{{cite web|url=https://www.bloomberg.com/news/articles/2020-04-23/vietnamese-hackers-targeted-china-officials-at-heart-of-outbreak|title=Vietnamese Hackers Targeted China Officials at Heart of Outbreak|website=Bloomberg.com|author=Jamie Tarabay|date=April 23, 2020}}{{Cite web|url=https://thediplomat.com/2020/05/did-vietnamese-hackers-target-the-chinese-government-to-get-information-on-covid-19/|title=Did Vietnamese Hackers Target the Chinese Government to Get Information on COVID-19?|first=Carl|last=Thayer|website=Thediplomat.com}}{{Cite web|url=https://qz.com/1843644/fireeye-vietnam-hackers-targeted-china-over-covid-19/|title=Vietnam's early coronavirus response reportedly included hackers who targeted China|first=Mary|last=Hui|website=Qz.com}}

In November, Kaspersky researchers disclosed that OceanLotus had been using the Google Play Store to distribute malware. Volexity researchers disclosed that OceanLotus had set up fake news websites and Facebook pages to both engage in web profiling and distribute malware.{{cite web |last1=Vavra |first1=Shannon |title=Vietnamese hacking group OceanLotus uses imitation news sites to spread malware |url=https://www.cyberscoop.com/vietnam-hacking-oceanlotus-apt32-fake-news/ |website=Cyberscoop.com |publisher=Cyberscoop |access-date=7 November 2020}}{{cite web |last1=Franceschi-Bicchierai |first1=Lorenzo |title=Vietnamese Hackers Ran ‘Fake News’ Websites To Target Visitors |url=https://www.vice.com/en/article/vietnamese-hackers-ran-fake-news-websites-to-target-visitors/ |website=Vice.com |access-date=7 November 2020}} According to reports, Facebook traced the group's activities to an IT company called CyberOne Group in Ho Chi Minh City.{{Cite web|url=https://www.reuters.com/article/facebook-vietnam-cyber-idUKKBN28L03Y|title=Facebook tracks 'OceanLotus' hackers to IT firm in Vietnam|date=11 December 2020|access-date=15 December 2021|website=Reuters.com}}

In February 2021, Amnesty International reported that OceanLotus had launched a number of spyware attacks against Vietnamese human rights activists, including Bùi Thanh Hiếu.{{Cite web|title=Vietnamese activists targeted by notorious hacking group|url=https://www.amnesty.org/en/latest/news/2021/02/viet-nam-hacking-group-targets-activist/|access-date=2021-03-02|website=Amnesty.org|language=en}}

In March 2021, it was reported that the group's operations were impacted by a fire at an OVHcloud data centre in France.{{Cite web|last=Coble|first=Sarah|date=2021-03-15|title=OVH Data Center Fire Impacts Cyber-criminals|url=https://www.infosecurity-magazine.com:443/news/ovh-data-center-fire-impacts/|access-date=2021-03-15|website=Infosecurity-magazine.com}}

References

{{reflist}}