Facebook Describes APT32 Social Engineering Campaign



Facebook Social Engineering CampaignFacebook’s security team has taken action against a phishing operation run by APT32 (also known as OceanLotus), a threat actor associated with the Vietnamese government. Facebook says the actor “targeted Vietnamese human rights activists locally and abroad, various foreign governments including those in Laos and Cambodia, non-governmental organizations, news agencies and a number of businesses across information technology, hospitality, agriculture and commodities, hospitals, retail, the auto industry, and mobile services with malware.”

Social engineering was a core component of the operation. The hackers made fake accounts on multiple social media platforms, including Facebook, which they used to gain the trust of their targets before sending them phishing links.

“APT32 created fictitious personas across the internet posing as activists and business entities, or used romantic lures when contacting people they targeted,” Facebook says. “These efforts often involved creating backstops for these fake personas and fake organizations on other internet services so they appear more legitimate and can withstand scrutiny, including by security researchers. Some of their Pages were designed to lure particular followers for later phishing and malware targeting.”

The threat actor also planted malicious apps in the Google Play Store, and used watering-hole sites to deliver malware.

“APT32 compromised websites and created their own to include obfuscated malicious javascript as part of their watering hole attack to track targets’ browser information,” the researchers write. “A watering hole attack is when hackers infect websites frequently visited by intended targets to compromise their devices. As part of this, the group built custom malware capable of detecting the type of operating system a target uses (Windows or Mac) before sending a tailored payload that executes the malicious code. Consistent with this group’s past activity, APT32 also used links to file-sharing services where they hosted malicious files for targets to click and download. Most recently, they used shortened links to deliver malware.”

New-school security awareness training can help your employees defend themselves against social engineering attacks launched by both nation-state hackers and petty cybercriminals.

Facebook has the story.


Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST ResultsHere's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/phishing-security-test-offer

Subscribe To Our Blog


Ransomware Hostage Rescue Manual




Get the latest about social engineering

Subscribe to CyberheistNews