Advanced Persistent Threat Targeting Vietnamese Human Rights Defenders
Essential information
- Published
- 03/09/2024 08:02
- Modified
- 03/09/2024 08:12
- Tags
- 2024-09-03 apt backdoor cobalt strike com hijacking dll side-loading human rights persistence steganography vietnam
- Related entities
- 46 observables, 1 intrusion sets (apt), 1 malware, 1 others
Description
A long-term intrusion targeting a Vietnamese human rights non-profit organization has been discovered, likely spanning at least four years. The attack shows significant overlaps with techniques used by APT32/OceanLotus, a threat actor known for targeting Vietnamese activists. The intrusion involved multiple persistence mechanisms, including scheduled tasks, COM object hijacking, and DLL side-loading. Various malware families were employed, such as backdoors using steganography and Java-based loaders. The attackers utilized Cobalt Strike for command and control, masquerading domains, and infrastructure designed to evade detection. This case highlights the persistent threats faced by human rights organizations from sophisticated state-sponsored actors.