216.73.216.169

Advanced Persistent Threat Targeting Vietnamese Human Rights Defenders

· Published 03/09/2024 08:02 · Modified 03/09/2024 08:12

Export JSON

Essential information

Published
03/09/2024 08:02
Modified
03/09/2024 08:12
Tags
2024-09-03 apt backdoor cobalt strike com hijacking dll side-loading human rights persistence steganography vietnam
Related entities
46 observables, 1 intrusion sets (apt), 1 malware, 1 others

Description

A long-term intrusion targeting a Vietnamese non-profit organization has been discovered, likely spanning at least four years. The attack shows significant overlaps with techniques used by APT32/OceanLotus, a threat actor known for targeting Vietnamese activists. The intrusion involved multiple mechanisms, including scheduled tasks, COM object hijacking, and . Various malware families were employed, such as backdoors using and Java-based loaders. The attackers utilized for command and control, masquerading domains, and infrastructure designed to evade detection. This case highlights the persistent threats faced by organizations from sophisticated state-sponsored actors.

External references