fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

APT32 State Hackers Target Human Rights Defenders With Spyware

APT32 State Hackers Target Human Rights Defenders With Spyware

Vietnam-backed hacking group APT32 has coordinated several spyware attacks targeting Vietnamese human rights defenders (HRDs) between February 2018 and November 2020.

The state hackers also pointed their attacks at a nonprofit (NPO) human rights organization from Vietnam, as Amnesty International’s Security Lab revealed (full report here).

The spyware used by the APT32 hackers allowed them to read and write documents on compromised systems, launch malicious tools and programs, and monitor their victims’ activities.

“These latest attacks by Ocean Lotus highlight the repression Vietnamese activists at home and abroad face for standing up for human rights,” Amnesty Tech researcher Likhita Banerji said. “This unlawful surveillance violates the right to privacy and stifles freedom of expression.”

“The Vietnamese government must carry out an independent investigation. Any refusal to do so will only increase suspicions that the government is complicit in the Ocean Lotus attacks.”

Also Read: 10 Practical Benefits of Managed IT Services

Victims infected with spyware via phishing emails

As Amnesty International said, these attacks are part of an ongoing campaign focused on tracking and spying on Vietnamese HRDs, bloggers, and nonprofit organizations (from within and outside Vietnam’s borders) spanning over the last 15 years.

APT32’s “coordinated spyware campaign” targeted pro-democracy activist Bui Thanh Hieu, the Vietnamese Overseas Initiative for Conscience Empowerment (VOICE) NPO, and an undisclosed Vietnamese blogger.

“VOICE and the two bloggers all received emails containing spyware between February 2018 and November 2020,” Amnesty International added, with the final payload being installed on the victims’ Windows computers using APT32’s Kerrdown downloader.

The attackers downloaded and deployed Cobalt Strike beacons to gain persistent remote access to the compromised systems.

In the case of victims who used Macs, the APT32 operators used a macOS backdoor spotted by TrendMicro in previous attacks on Vietnamese targets, a malware strain designed to provide the attackers with the ability to download, upload, and execute arbitrary files and commands.

APT32 spyware campaign
APT32 spyware campaign (Amnesty International)

APT32’s real identity exposed by Facebook

APT32 (aka OceanLotus, SeaLotus) is a Vietnamese-backed advanced persistent threat group known for targeting foreign companies investing in multiple Vietnam industry sectors, Vietnamese human rights organizations and activists, and worldwide research institutes and media organizations.

They also breached the networks of Toyota and Lexus sales subsidiaries, the networks of BMW and Hyundai, and they were linked by Crowdstrike to attacks against automotive targets.

More recently, APT32 attempted to harvest intelligence on the ongoing COVID-19 crisis through spear-phishing attacks targeting China’s Ministry of Emergency Management and the Wuhan province government.

FireEye also describes the group as “aligned with Vietnamese state interests,” with their targeted operations against journalists and Vietnam diaspora members threatening free speech and political activism.

The real identity of APT32 was exposed by the Facebook security team in December 2020 when they were publicly linked to the Vietnamese IT firm CyberOne Group.

Also Read: What Legislation Exists in Singapore Regarding Data Protection and Security?

“Although Amnesty International was unable to independently verify any direct connection between Ocean Lotus and CyberOne or with the Vietnamese authorities, the attacks described in this investigation confirm a pattern of targeting Vietnamese individuals and organizations,” Amnesty International said.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us