OceanLotus APT is very active, it used new Backdoor in recent campaigns


The OceanLotus Group has been active since at least 2013, according to the experts it is a state-sponsored hacking group linked to Vietnam, most of them in Vietnam, the Philippines, Laos, and Cambodia. The hackers targeting organizations across multiple industries and have also targeted foreign governments, dissidents, and journalists. Since at least 2014, experts at FireEye have observed APT32 targeting foreign corporations with an interest in Vietnam's manufacturing, consumer products, and hospitality sectors. The APT32 is also targeting peripheral network security and technology infrastructure corporations, and security firms that may have connections with foreign investors. Researchers at Volexity has been tracking the threat actor since May 2017, they observed attacks aimed at the Association of Southeast Asian Nations (ASEAN), and media, human rights, and civil society organizations.