OceanLotus, also known as APT32, BISMUTH, or Canvas Cyclone, [1] is a hacker group associated with the government of Vietnam. [2] [3] [4] [5] It has been accused of cyberespionage targeting political dissidents, government officials, and businesses with ties to Vietnam. [6]
In 2020, Bloomberg reported that OceanLotus had targeted China's Ministry of Emergency Management and the Wuhan municipal government in order to obtain information about the COVID-19 pandemic. The Vietnamese Ministry of Foreign Affairs called the accusations unfounded. [7] [8] [9]
In 2020, Kaspersky researchers disclosed that OceanLotus had been using the Google Play Store to distribute malware. In November 2020 Volexity researchers disclosed that OceanLotus had set up fake news websites and Facebook pages to both engage in web profiling and distribute malware. [10] [11] According to reports, Facebook traced the group's activities to an IT company called CyberOne Group in Ho Chi Minh City. [12]
In February 2021, Amnesty International reported that OceanLotus had launched a number of spyware attacks against Vietnamese human rights activists, including Bui Thanh Hieu. [13]
In March 2021, it was reported that the group's operations were impacted by a fire at an OVH data center in France. [14]
In Bui's case the traces lead to a group presumably acting on behalf of the Vietnamese state. Experts have many names for this group: APT 32 and Ocean Lotus are best known. In conversations with a dozen of information security specialists, they all agreed that this is a Vietnamese group spying, in particular, on its own compatriots.
{{
cite news}}
: CS1 maint: multiple names: authors list (
link)
OceanLotus, also known as APT32, BISMUTH, or Canvas Cyclone, [1] is a hacker group associated with the government of Vietnam. [2] [3] [4] [5] It has been accused of cyberespionage targeting political dissidents, government officials, and businesses with ties to Vietnam. [6]
In 2020, Bloomberg reported that OceanLotus had targeted China's Ministry of Emergency Management and the Wuhan municipal government in order to obtain information about the COVID-19 pandemic. The Vietnamese Ministry of Foreign Affairs called the accusations unfounded. [7] [8] [9]
In 2020, Kaspersky researchers disclosed that OceanLotus had been using the Google Play Store to distribute malware. In November 2020 Volexity researchers disclosed that OceanLotus had set up fake news websites and Facebook pages to both engage in web profiling and distribute malware. [10] [11] According to reports, Facebook traced the group's activities to an IT company called CyberOne Group in Ho Chi Minh City. [12]
In February 2021, Amnesty International reported that OceanLotus had launched a number of spyware attacks against Vietnamese human rights activists, including Bui Thanh Hieu. [13]
In March 2021, it was reported that the group's operations were impacted by a fire at an OVH data center in France. [14]
In Bui's case the traces lead to a group presumably acting on behalf of the Vietnamese state. Experts have many names for this group: APT 32 and Ocean Lotus are best known. In conversations with a dozen of information security specialists, they all agreed that this is a Vietnamese group spying, in particular, on its own compatriots.
{{
cite news}}
: CS1 maint: multiple names: authors list (
link)