APT32 FireEye: Learn their TTPs, malware arsenal, and how to detect them.

APT32 FireEye, Affiliation: Linked to Vietnamese state-sponsored actors. This
Key point: Vietnamese targeted-attack group
YARA Rules I come across on the internet.
In December 2018, FireEye identified APT39 as an Iranian cyber espionage group responsible for widespread theft of personal information.
The attacks by the group — designated by FireEye as APT32 — have been conducted since at least 2014, mainly targeting companies operating in the manufacturing, consumer products
FireEye analyzed cyber espionage activities of APT32, a threat group believed to be operating out of Vietnam. [2][3][4][5] It
Cyber espionage actors which FireEye designates APT32 are carrying out intrusions into private sector companies across multiple industries and have also targeted foreign governments,
APT32 is the "newest named Advanced Persistent Threat Group," according to a new report from FireEye.
Outlook and implications: Based on incident response investigations, product detections, and intelligence observations, along with other publications on the same operators, FireEye assesses that APT32 is a cyber espionage group aligned with Vietnamese government interests. APT32's targeting of private sector interests is worth
The cyber espionage actors now designated by FireEye as APT32 (OceanLotus Group) are carrying out intrusions into private sector companies across multiple industries and into foreign governments, dissidents, and journalists. FireEye assesses that APT32 leverages a unique and fully featured
APT32 is a Vietnamese state-sponsored advanced persistent threat group.
May 14, 2017 | by Nick Carr: Cyber espionage actors, now designated by FireEye as APT32 (OceanLotus Group), are carrying out intrusions into private sector companies across multiple industries and have also targeted foreign
The group is innovating rapidly, “attempting new techniques in campaigns every few weeks,” he added.
The APT32/OceanLotus group’s activities since 2014 have demonstrated an alignment with Vietnamese government state interests.
The group has targeted multiple private sector industries as well as foreign governments, dissidents, and
At the same time, APT32 has also targeted peripheral network security and technology infrastructure companies, as well as security firms that may have connections with foreign investors. According to FireEye, the attacks ran from January 2020 to April 2020, with hackers of the suspected Vietnamese group APT32, against Chinese targets
APT32 is a cyber espionage group believed to have ties with the Hanoi government, and has carried out intrusions since at least 2014, according to a 2017 report from FireEye.
The full writeup of their analysis can be found on FireEye's site here, and is
Vietnamese threat actors APT32 targets the Chinese Ministry of Emergency Management in the latest example of Covid-19 related espionage.
Combining the results of incident response investigations, product detections, and other public intelligence on the same attack group, FireEye believes that the cyber espionage group APT32 is closely tied to the interests of the Vietnamese government
FireEye recently published a research report stating that, to collect intelligence related to COVID-19, the Vietnamese hacking group APT32 conducted sustained intrusion campaigns against Chinese targets from at least January to April 2020.
Vietnam-backed hacking group APT32 has coordinated several spyware attacks targeting Vietnamese human rights defenders (HRDs) between February 2018 and November 2020.
The attribution comes from FireEye’s landmark 2017 report, later corroborated by Mandiant, ESET, Kaspersky, and Microsoft.
1 Embassy of the Socialist Republic of Vietnam in the United States of America, FIREEYE'S GROUNDLESS STATEMENT ON VIET NAM ASSISTED THE APT32 HACKER
This report documents an espionage campaign attributed with high confidence to the OceanLotus Group (APT32), a long-running, state-aligned threat actor linked to Vietnam.
Per FireEye, here are several breaches which have been attributed to APT32: A
An advanced persistent threat (APT) is a stealthy cybersecurity threat, typically manipulated by a state or state-sponsored group, which gains unauthorized
Many questions about APT32 remain unanswered.
This notorious threat actor has been active since at least
OceanLotus 2017-05-14 ⋅ FireEye ⋅ Nick Carr Cyber Espionage is Alive and Well: APT32 and the Threat to Global Corporations OceanLotus Cuegoe KOMPROGO SOUNDBITE APT32
2016-02-17 ⋅ AT&T
Insights into Iranian Cyber Espionage: APT33 Targets Aerospace and Energy Sectors and has Ties to Destructive Malware
OCEANLOTUS: OLD TECHNIQUES, NEW BACKDOOR The OceanLotus group, also known as APT32 and APT-C-00, is infamous for its campaigns targeting the eastern part of Asia.
Published yesterday, the report shows it
To harden your cyber defense against today's advanced persistent threat groups, you need to understand how APT groups work and the tactics they use.
Cyber espionage actors, designated by FireEye as APT32 (OceanLotus Group), are actively carrying out intrusions into private companies across multiple
FireEye, a leading global cybersecurity vendor, was attacked by nation-state hackers, who stole its Red Team penetration testing tools, which may give rise to new threats. FireEye has shared indicators of the attack and published response
OceanLotus, also named APT32, BISMUTH, Ocean Buffalo by CrowdStrike, or Canvas Cyclone by Microsoft, [1] is a hacker group allegedly associated with the government of Vietnam.
APT32 is a threat group that has been active since at least 2014.
Earlier this month, FireEye all but declared the group — designated by FireEye as APT32 – to be a Vietnamese nation-state actor.
APT32 has targeted private companies with business interests in Vietnam as well as
From at least January to April 2020, suspected Vietnamese actors APT32 carried out intrusion campaigns against Chinese targets that Mandiant Threat Intelligence believes was
ATK17 (aka: APT32, SeaLotus, OceanLotus, APT-C-00) is a Vietnamese group that leverages a nearly continuous espionage campaign against various but well-defined targets, while maintaining a
According to FireEye, known victims of the APT32 group include a European company constructing a manufacturing facility in Vietnam, a global hospitality industry developer with plans to
Cyber Espionage is Alive and Well: APT32 and the Threat to Global Corporations #127 Closed ghost opened on May 15, 2017
APT32, also identified as OceanLotus, Canvas Cyclone, or BISMUTH, is a state‑aligned Vietnamese espionage group operating since at least 2014, with continued high-profile activity through 2025.
Cybereason’s
FireEye assesses that APT32 leverages a unique suite of fully-featured malware, in conjunction with commercially-available tools, to conduct targeted operations that are aligned with
Comprehensive Profile of APT30 (APT32) General Information Alias: APT30 is also known as APT32 and OceanLotus.
APT32 is an advanced persistent threat (APT) group targeting Vietnamese interests around the globe, according to a new report from FireEye.
OceanLotus, also known as APT32, is believed to be a Vietnam-based APT group that has become increasingly sophisticated in its attack.
We recently discovered a new backdoor we believe to be related to the OceanLotus group.
This group appears to be Vietnamese-based and has targeted multiple private sector industries, foreign governments, dissidents, and
Associated Groups: COBALT GYPSY, IRN2, APT34, Helix Kitten, Evasive Serpens, Hazel Sandstorm, EUROPIUM, ITG13, Earth Simnavaz, Crambus, TA452
This threat actor, known to use watering-hole attacks to compromise victims, targets organizations of interest to the Vietnamese government for espionage purposes.
APT32 and FireEye’s Community Response: In the course of investigations into intrusions at several corporations with business interests in Vietnam, FireEye’s Mandiant incident response consultants
On 23 April 2020, at the regular press conference of the Ministry of Foreign Affairs, responding to reporters' queries about the US cyber security firm FireEye's statement that Viet Nam assisted the
APT32 (OceanLotus) is a Vietnamese state-sponsored APT targeting governments, corporations, and journalists across Southeast Asia.
FireEye, which works with large companies to secure their assets from cyber threats, said it has tracked at least 10 separate attacks from the group — referred to as OceanLotus, or
APT32 is a new APT (advanced persistent threat) group discovered by FireEye security experts. The group's objective is Vietnamese interests around the globe. The APT32 group, also known as the OceanLotus group, has been active since 2013 at the latest
Some of the updates of this new variant include new behavior and domain names.
Tools and Tactics Spear Phishing: Customized
APT32 is a suspected Vietnam-based threat group that has been active since at least 2014.
APT32 (OceanLotus Group) conducts cyber espionage against private companies across multiple industries and against foreign governments, using malware and phishing lures for intrusion. FireEye's investigation found its attack methods to be sophisticated and stealthy, involving many of Vietnam's and neighboring countries'
including APT19, APT32, APT40, APT41, FIN6, FIN7, FIN9 and FIN11, as well as nearly 300 UNC groups. • EMPIRE is a publicly available PowerShell post-exploitation framework that allows users, without using powershell.
Dec 14, 2017 Cyber espionage actors, now designated by FireEye as APT32 (OceanLotus Group), are carrying out intrusions into private sector companies across multiple industries and have also targeted foreign
Bryce Boland from the cybersecurity firm FireEye noted that it is fully plausible that APT 32 was “understanding how the organizations within the
On April 22, FireEye, a cyber security firm, reported that “From at least January to April 2020, suspected Vietnamese actors APT32 carried out intrusion campaigns against Chinese targets
Ocean Lotus Signature Malware: FireEye assesses that APT32 leverages a unique suite of fully-featured malware, in conjunction with commercially-available tools, to conduct targeted operations aligned
Discover how APT32 (OceanLotus) evolved its 2025 campaigns targeting NGOs and cybersecurity professionals through advanced supply-chain attacks and stealth persistence.
Over the past several months, FireEye has
APT32 looks to be targeting Chinese government organizations in pursuit of information on China's coronavirus response, FireEye researchers said.
Cylance says the backdoors it discovered share some code similarities with
The APT32 group, also known as OceanLotus Group, has been active since at least 2012; according to the experts, it is a state-sponsored
Cyber espionage actors now designated by FireEye as APT32 (OceanLotus Group) are intruding into private companies across multiple industries, and foreign governments, dissidents, and journalists have also
FireEye does not state with certainty that the APT32 hacker group is backed by the Vietnamese government, but there are "some signs" that could link the activity
APT32 threat actors have also been opportunistically targeting network security and technology corporations.
According to FireEye, Vietnam's APT32 hacker group broke into the networks of Chinese organizations amid the Covid-19 outbreak.
FireEye says that the group's projects thus far seem to serve Vietnamese state interests, but there isn't yet a broader research
APT32 is a new APT group discovered by security experts at FireEye that is targeting Vietnamese interests around the globe.
Here is an overview of intrusions investigated by FireEye that are attributed to APT32: In 2014, a European corporation was compromised prior to constructing a manufacturing facility in
Major Report Release: FireEye and CrowdStrike reports provided extensive details on APT11.
Attend this webinar to be one of the first to learn details about APT32, a significant espionage operation targeting global companies operating in Southeast Asia.
Nick Carr, a senior manager at FireEye responsible for responding to attack risks and cybersecurity threats, told CNBC that what makes APT32 different from other hacker groups is
According to FireEye researchers, APT32/OceanLotus, a Vietnamese hacker group that has been active since at least 2014 and is known primarily for its attacks on journalists and
Comprehensive Profile of APT56 (OceanLotus) General Information Alias: APT56 is also known as OceanLotus, APT32, and SeaLotus.
We have tracked activity linked to this group since
The APT32, also known as OceanLotus, is a highly sophisticated and persistent cyber espionage group with origins in Vietnam.
Last change to this card: 16 August 2025
FireEye highlighted that currently, it is impossible to precisely link the group to the Vietnamese government even if the information gathered by the
FireEye “assesses with moderate confidence” that APT32’s latest activity is in support of “the Vietnamese government’s stated domestic vehicle and auto part manufacturing goals,” Carr said.
FireEye said a hacking group known as APT32 had tried to compromise the personal and professional email accounts of staff at China's Ministry of Emergency Management and the
Attribution and Evidence FireEye Report: FireEye has extensively documented APT32’s activities, linking them to Iranian state-sponsored actors.
FireEye assesses that APT32 leverages a unique suite of fully-featured malware, in conjunction with commercially-available tools, to conduct targeted operations that are aligned with Vietnamese state
FireEye has stated it believes hacking group Ocean Lotus, also known as APT32 and linked to the Vietnamese government, was involved in a
OceanLotus is known to use cloud-based email analytics software intended for sales organizations to track victims of the APT group's phishing
In the report, American cybersecurity company FireEye said the same group — labeled APT32 — had also targeted foreign governments,
This week, FireEye released an awesome review into APT32 (aka OceanLotus).
The increase in operational scale and complexity of its
The report features the most significant developments relating to APT groups in Q3 2024, including hacktivist activity, new APT tools and campaigns.
Victims have included human
FireEye report on APT32 puts evidence together of a group attacking private and public targets for the sake of Vietnamese state interests.
Characteristics of OceanLotus as private and public concern for policy makers and respond for policy makers
APT32 ActiveMime Lure YARA rule by FireEye.