OceanLotus, also known as APT32, APT-C-00, Ocean Buffalo, and SeaLotus, among its many names, has been active since 2014. The group conducts cyber-espionage against organizations of interest to the Vietnamese government and has attacked Southeast Asian countries such as Cambodia, Laos, and the Philippines.
- According to recent research, OceanLotus has launched a campaign against the Cambodian government leveraging an ASEAN-themed spear-phishing attack.
- The group has been found to have launched several campaigns via fake websites and Facebook pages. These websites profile visitors, redirect them to phishing pages, and deliver malware payloads for OS X and Windows.
- One such malware campaign uses a RAR archive named Adobe_Flash_Install.rar that impersonates an Adobe Flash installer and then delivers the malware. The threat actors also used cloud storage to host the payload files.
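The lure described above (an archive whose name mimics a well-known vendor's installer) is a pattern a mail gateway or SOC script can score on the attachment name alone before any content inspection. The following triage heuristic is an added example written for this page; it is not code from the researchers or from any vendor, and its keyword lists, scoring weights and the threshold of 3 are constructed assumptions that a team would tune to its own mail traffic.

```python
"""Heuristic triage of mail attachment names for installer-impersonation lures.

Added example (not from the original report). It scores attachment names such as
Adobe_Flash_Install.rar, the lure style described above, by combining three
signals: an archive container, installer wording, and an impersonated vendor
name. Weights and word lists are constructed assumptions for illustration.
"""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed word lists: extend these from your own observed lures.
ARCHIVE_EXTS = {".rar", ".zip", ".7z", ".iso", ".img"}
EXECUTABLE_EXTS = {".exe", ".scr", ".js", ".vbs", ".app", ".dmg", ".pkg"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx"}
INSTALLER_WORDS = {"install", "installer", "setup", "update", "upgrade", "patch"}
IMPERSONATED_VENDORS = {"adobe", "flash", "microsoft", "office", "java", "chrome"}

SUSPICIOUS_THRESHOLD = 3  # constructed threshold; tune against real mail volume


@dataclass
class Verdict:
    filename: str
    score: int = 0
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return self.score >= SUSPICIOUS_THRESHOLD


def _split(name: str):
    """Return (stem, extension) in lower case; extension is '' when absent."""
    lower = name.lower()
    stem, dot, ext = lower.rpartition(".")
    if not dot:
        return lower, ""
    return stem, "." + ext


def classify_attachment(filename: str) -> Verdict:
    """Score one attachment name; higher means more installer-lure-like."""
    verdict = Verdict(filename)
    stem, ext = _split(filename)
    tokens = {t for t in re.split(r"[^a-z0-9]+", stem) if t}

    if ext in ARCHIVE_EXTS:
        verdict.score += 1
        verdict.reasons.append(f"archive container {ext}")
    if ext in EXECUTABLE_EXTS:
        verdict.score += 2
        verdict.reasons.append(f"directly executable type {ext}")
    if tokens & INSTALLER_WORDS:
        verdict.score += 1
        verdict.reasons.append("installer wording in name")
    if tokens & IMPERSONATED_VENDORS:
        verdict.score += 1
        verdict.reasons.append("vendor name used as lure")

    # Double extension such as invoice.pdf.exe: a document type hidden
    # behind an executable or archive extension.
    _, inner_ext = _split(stem)
    if inner_ext in DOCUMENT_EXTS and (ext in EXECUTABLE_EXTS or ext in ARCHIVE_EXTS):
        verdict.score += 2
        verdict.reasons.append(f"document extension {inner_ext} masked by {ext}")

    return verdict


def triage(filenames: List[str]) -> List[str]:
    """Return the subset of attachment names that cross the threshold."""
    return [name for name in filenames if classify_attachment(name).suspicious]


if __name__ == "__main__":
    # Constructed sample attachment names, including the lure named above.
    sample = ["Adobe_Flash_Install.rar", "Q3_budget.xlsx", "invoice.pdf.exe"]
    for name in sample:
        v = classify_attachment(name)
        print(f"{name}: score={v.score} suspicious={v.suspicious} {v.reasons}")
```

The name-based score is only a first filter: the same archive should still be detonated or unpacked for content inspection, and the cloud-storage download URL that delivered it is a separate indicator worth correlating in proxy logs.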
The bottom line
The OceanLotus APT group is constantly developing its TTPs and no longer relies solely on spear-phishing attacks and compromised websites. Since the threat actor has now built its own fake websites to launch attacks, experts anticipate that the group will lean toward organized cyberattacks in the near future.