Facebook Describes APT32 Social Engineering Campaign

Stu Sjouwerman | Dec 15, 2020

Facebook’s security team has taken action against a phishing operation run by APT32 (also known as OceanLotus), a threat actor associated with the Vietnamese government. Facebook says the actor “targeted Vietnamese human rights activists locally and abroad, various foreign governments including those in Laos and Cambodia, non-governmental organizations, news agencies and a number of businesses across information technology, hospitality, agriculture and commodities, hospitals, retail, the auto industry, and mobile services with malware.”

Social engineering was a core component of the operation. The hackers made fake accounts on multiple social media platforms, including Facebook, which they used to gain the trust of their targets before sending them phishing links.

“APT32 created fictitious personas across the internet posing as activists and business entities, or used romantic lures when contacting people they targeted,” Facebook says. “These efforts often involved creating backstops for these fake personas and fake organizations on other internet services so they appear more legitimate and can withstand scrutiny, including by security researchers. Some of their Pages were designed to lure particular followers for later phishing and malware targeting.”

The threat actor also planted malicious apps in the Google Play Store, and used watering-hole sites to deliver malware.

“APT32 compromised websites and created their own to include obfuscated malicious javascript as part of their watering hole attack to track targets’ browser information,” the researchers write. “A watering hole attack is when hackers infect websites frequently visited by intended targets to compromise their devices. As part of this, the group built custom malware capable of detecting the type of operating system a target uses (Windows or Mac) before sending a tailored payload that executes the malicious code. Consistent with this group’s past activity, APT32 also used links to file-sharing services where they hosted malicious files for targets to click and download. Most recently, they used shortened links to deliver malware.”

New-school security awareness training can help your employees defend themselves against social engineering attacks launched by both nation-state hackers and petty cybercriminals.

Facebook has the story.
