Vietnamese Hackers of “Ocean Lotus” Are Targeting Human Rights Activists

  • State-supported actors are targeting Vietnamese freedom of speech and human rights activists.
  • The hackers are sending emails laced with a downloader which then fetches powerful spyware.
  • Vietnam is going through dark times, bashing free journalism and upping online repression.

Vietnamese human rights activists and freedom of speech advocates are being actively targeted by sophisticated state-supported hackers of the “Ocean Lotus” (APT32) group. This is the same group that was held responsible for cyber-attacks against BMW and Hyundai, and the one that planted Monero miners on compromised targets to create a distraction.

This time, APT32 was “caught” by Amnesty International Security Lab, targeting a Vietnamese human rights defender (Bui Thanh Hieu) who lives in Germany, and also a Vietnamese NGO (VOICE – Vietnamese Overseas Initiative for Conscience Empowerment), which is based in the Philippines.

Source: Amnesty International

The technical evidence collected and analyzed by Amnesty’s agents indicates that the attacks happened between 2018 and 2020. The hackers attempted to infect the targets via emails that carried spyware attachments.

The payloads covered both macOS and Windows systems, and the variants used include the “Kerrdown” downloader, which then fetched the “Cobalt Strike” toolkit. The capabilities include keylogging, system information collection, upload or download of files, command execution, and file execution.


Vietnam has a 20/100 score on Freedom House, which gives the country a “Not Free” status. Political rights and civil liberties are increasingly being undermined by the governing party (CPV), and many journalists, bloggers, and human rights activists are being arrested, convicted as criminals, or physically assaulted at will.

In December 2020, we posted a piece on which countries use the highest number of Chinese surveillance cameras, and Vietnam came second in the world, indicative of the regime’s preoccupation with population control and proactive repression. Also, just last month, the government passed a new “cybersecurity law” that requires Facebook, Google, and all IT companies offering services in the country to store user data locally and make it accessible to state authorities.

If you fight or advocate for human rights and freedom of speech in Vietnam, be very careful with all incoming communications, especially emails with attachments. Do not click on shortened links, do not give apps access to your Google account willy-nilly, keep all your software and OS updated, use a reliable AV tool, and enable 2FA wherever that’s possible. “Ocean Lotus” is a sophisticated actor, but if you follow certain precautionary measures without deviation, it’ll be quite hard for the hackers to compromise you.


