Security News > 2020 > December > Facebook Tracks APT32 OceanLotus Hackers to IT Company in Vietnam

Cybersecurity researchers from Facebook today formally linked the activities of a Vietnamese threat actor to an IT company in the country after the group was caught abusing its platform to hack into people's accounts and distribute malware.

Exact evidence trail leading Facebook to attribute the hacking activity to CyberOne Group was not disclosed, but according to a description on ITViec - a Vietnamese online platform to find and post job vacancies for IT professionals and software developers - the company advertises itself as a "Multinational company" with a focus on developing "Products and services to ensure the security of IT systems of organizations and businesses."

Facebook's unmasking of APT32 comes months after Volexity disclosed multiple attack campaigns launched via multiple fake websites and Facebook pages to profile users, redirect visitors to phishing pages, and distribute malware payloads for Windows and macOS. Additionally, ESET reported a similar operation spreading via the social media platform in December 2019, using posts and direct messages containing links to a malicious archive hosted on Dropbox.

Now according to Facebook, APT32 created fictitious personas, posing as activists and business entities, and used romantic lures to reach out to their targets, ultimately tricking them into downloading rogue Android apps through Google Play Store that came with a wide range of permissions to allow broad surveillance of peoples' devices.

In a separate development, Facebook said it also disrupted a Bangladesh-based group that targeted local activists, journalists, and religious minorities, to compromise their accounts and amplify their content.

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/WobQ7zMc8KA/facebook-tracks-apt32-oceanlotus.html