Vietnamese Hackers of “Ocean Lotus” Are Targeting Human Rights Activists

  • State-supported actors are targeting Vietnamese freedom of speech and human rights activists.
  • The hackers are sending emails laced with a downloader which then fetches powerful spyware.
  • Vietnam is going through dark times, bashing free journalism and upping online repression.

Vietnamese human rights activists and freedom of speech advocates are being actively targeted by sophisticated state-supported hackers of the “Ocean Lotus” (APT32) group. This is the same group that has been blamed for cyber-attacks against BMW and Hyundai, and the one that planted Monero miners on compromised targets to create a distraction.

This time, APT32 was “caught” by Amnesty International Security Lab, targeting a Vietnamese human rights defender (Bui Thanh Hieu) who lives in Germany, and also a Vietnamese NGO (VOICE – Vietnamese Overseas Initiative for Conscience Empowerment), which is based in the Philippines.

Source: Amnesty International

The technical evidence collected and analyzed by Amnesty’s agents indicates that the attacks happened between 2018 and 2020. The hackers attempted to infect the targets via emails that carried spyware attachments.

The payloads covered both macOS and Windows systems, and the variants used include the “Kerrdown” downloader, which then fetched the “Cobalt Strike” toolkit. The spyware's capabilities include keylogging, system information collection, upload or download of files, command execution, and file execution.

Vietnam has a 20/100 score on Freedom House, which gives the country a “Not Free” status. Political rights and civil liberties are increasingly being undermined by the governing party (CPV), and many journalists, bloggers, and human rights activists are being arrested, convicted as criminals, or physically assaulted at will.

In December 2020, we posted a piece on which countries use the highest number of Chinese surveillance cameras, and Vietnam came second in the world, indicative of the regime’s preoccupation with population control and proactive repression. Also, just last month, the government passed a new “cybersecurity law” that requires Facebook, Google, and all IT companies offering services in the country to store user data locally and make it accessible to state authorities.

If you fight or advocate for human rights and freedom of speech in Vietnam, be very careful with all incoming communications, especially emails with attachments. Do not click on shortened links, do not give apps access to your Google account willy-nilly, keep all your software and OS updated, use a reliable AV tool, and enable 2FA wherever that’s possible. “Ocean Lotus” is a sophisticated actor, but if you follow certain precautionary measures without deviation, it’ll be quite hard for the hackers to compromise you.
