Facebook’s security team has taken action against a phishing operation run by APT32 (also known as OceanLotus), a threat actor associated with the Vietnamese government. Facebook says the actor “targeted Vietnamese human rights activists locally and abroad, various foreign governments including those in Laos and Cambodia, non-governmental organizations, news agencies and a number of businesses across information technology, hospitality, agriculture and commodities, hospitals, retail, the auto industry, and mobile services with malware.”
Social engineering was a core component of the operation. The hackers made fake accounts on multiple social media platforms, including Facebook, which they used to gain the trust of their targets before sending them phishing links.
“APT32 created fictitious personas across the internet posing as activists and business entities, or used romantic lures when contacting people they targeted,” Facebook says. “These efforts often involved creating backstops for these fake personas and fake organizations on other internet services so they appear more legitimate and can withstand scrutiny, including by security researchers. Some of their Pages were designed to lure particular followers for later phishing and malware targeting.”
The threat actor also planted malicious apps in the Google Play Store and used watering-hole sites to deliver malware.
New-school security awareness training can help your employees defend themselves against social engineering attacks launched by both nation-state hackers and petty cybercriminals.
Facebook has the story.