Facebook cybersecurity experts have linked a hacking group suspected of working for the Vietnamese government, pinning down an IT firm in the country as the nerve center of their operations.
The hacker group, OceanLotus or APT32 (APT stands for advanced persistent threat), has reportedly distributed malware through Facebook and hacked into other individuals’ Facebook accounts. It has been linked to offensive operations emanating from an IT firm in Ho Chi Minh City, CyberOne Group, which is also known as CyberOne Security, CyberOne Technologies, Hành Tinh Company Limited, and Planet and Diacauso, according to a statement issued by Facebook on Thursday.
“APT32, an advanced persistent threat actor based in Vietnam, targeted Vietnamese human rights activists locally and abroad, various foreign governments including those in Laos and Cambodia, non-governmental organizations, news agencies, and a number of businesses across information technology, hospitality, agriculture and commodities, hospitals, retail, the auto industry, and mobile services with malware,” read the release.
APT32 has a history of launching operations that are aligned with the Vietnamese government’s interests, and has carried out intrusion campaigns “from at least January to April this year,” targeting the staff and information troves of the Wuhan government and Chinese Ministry of Emergency Management in order to collect intelligence related to the COVID-19 crisis, according to research conducted by cybersecurity firm FireEye in April.
Facebook said that APT32 has deployed an array of adversarial tactics, such as creating fake personas for phishing and targeted malware attacks, luring targets to download apps that allow pervasive surveillance of the devices, and propagating malware on websites frequently visited by the hackers’ intended targets.
APT32 was first identified in 2012, when it launched cyberattacks against Chinese entities, according to a media report. It did the same in Vietnam and the Philippines too.
As one of the fastest growing economies in Asia, Vietnam is a lucrative market for Facebook, which raked in USD 1 billion in the country in 2018, accounting for 30% of its total revenue in Southeast Asia. However, the social media behemoth is in a standoff with the Vietnamese government over content censorship. The Vietnamese government threatened to block Facebook if the platform refuses to censor political content that is critical of the authorities. Facebook reported a nearly tenfold spike in takedown requests in the first half of 2020 compared to the second half of 2019, according to Facebook’s transparency report.