Facebook Fingers Vietnamese APT Group

Uploaded on 2021-01-04 in TECHNOLOGY-Key Areas-Social Media, TECHNOLOGY--Hackers, FREE TO VIEW

Social media giant Facebook has revealed that it has disrupted the activity of two groups of hackers, one operating from Vietnam and the other from Bangladesh. If these attacks are confirmed, it would be a rare instance of suspected state-backed hackers being tracked down by a social media organisation.

Facebook has accused the Vietnamese IT enterprise CyberOne Team of harbouring concrete inbound links with the infamous hacking collective called APT32, also known as OceanLotus. Facebook's actions are surprising and are certain to attract scrutiny not only from government officials in Vietnam and across the cyber security industry at large.

APT32 is a Vietnamese group that is been mainly connected with targeting human rights activists regionally and international governments abroad, as well as many providers in several industries.Facebook says these groups were engaged in espionage activities, attempting to compromise accounts to gain access to information of interest. Not connected to one another, the groups targeted individuals on Facebook and other online platforms, employing a variety of tactics.

Facebook’s threat intelligence experts are working to stop such attacks as malware threats and hacking platforms and accounts by nation state adversaries and criminal hackers. As part of this work Facebook will notify users if they need to protect their accounts. “The latest activity we investigated and disrupted has the hallmarks of a well-resourced and persistent operation focusing on many targets at once, while obfuscating their origin,” said Facebook’s head of security policy Nathaniel Gleicher. “We shared our findings including YARA rules and malware signatures with our industry peers so they too can detect and stop this activity. To disrupt this operation, we blocked associated domains from being posted on our platform, removed the group’s accounts and notified people who we believe were targeted by APT32.”

Facebook has not explained the exact links between OceanLotus and CyberOne Group, however, and the company itself has denied all affiliations with the group. “We are NOT Ocean Lotus,” an individual operating the firm’s now-suspended Facebook page told Reuters. “It’s a mistake.”

Neither has Facebook explained the exact nature of its evidence, suggesting that doing so would make the group more difficult to track in the future, although this apparently includes online infrastructure, malicious code, and other hacking tools and techniques.

OceanLotus built custom malware capable of detecting the type of operating system a target uses, before sending a tailored payload that executes the malicious code. The malware propagation technique involves an attack method known as a watering hole attack, in which hackers compromise websites and create their own to include obscured malicious JavaScript elements to track victims’ browser information. 

The Bangladesh-based group targeted local activists, journalists and religious minorities, including those living abroad, to compromise their accounts and have some of them disabled by Facebook for violating its Community Standards policy. Facebook's investigation linked this activity to two non-profit organisations in Bangladesh: Don’s Team (also known as Defense of Nation) and the Crime Research and Analysis Foundation (CRAF). who appeared to be operating across a number of internet services. 

Facebook      Reuters:     ITPro:     Dhaka Tribune:      Security Week:        ZDNet:       

You Might Also Read:

Vietnam Says Facebook  Is Acting Illegally:

 

« How Nation States Use Their Cyber Power
Julian Assange Will Not Face Trial In The US - Yet »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Security Mentor

Security Mentor

Security Mentor provides innovative, online security awareness training designed for how people learn and work.

Bryan Cave LLP

Bryan Cave LLP

Bryan Cave LLP is a global business and litigation law firm. Practice areas include Data Privacy and Security.

Karamba Security

Karamba Security

Karamba provide an IoT Security solution for ECUs in automobiles which ensures that all cars are protected (not just autonomous cars).

CryptoCodex

CryptoCodex

Cryptocodex has developed Counter-Fight, the most advanced, yet simple to implement, counterfeit detection system.

MASS

MASS

MASS provides world-class capabilities in electronic warfare operational support, cyber security, information management, support to military operations and law enforcement.

RedShield Security

RedShield Security

RedShield is the world's first web application shielding-with-a-service company.

European Society of Criminology (ESC)

European Society of Criminology (ESC)

The ESC Working Group on Cybercrime is focused on cybercrime, its causes and offenders, impact on victims, and our response to it at the individual, corporate, and governmental levels.

Clym

Clym

Clym is the data privacy platform that helps organisations meet their data protection obligations. Cookies, Consent, Requests, Policies and more are all managed in a secure and adaptive application.

Mvine

Mvine

Mvine's primary business is authoring and selling Cyber-Secure Platforms for Collaboration Portals and for Identity Management as well as delivering cloud support services.

Newtec Services

Newtec Services

IT should be responsive, adaptive, and smart. Now more than ever, you need a business that runs efficiently and can adapt to today's challenges. We can help with custom IT solutions.

Tego Cyber

Tego Cyber

Tego Cyber delivers a state-of-the-art threat intelligence platform that helps enterprises deploy the proper resolution to an identified threat before the enterprise is compromised.

ARIA Cybersecurity Solutions

ARIA Cybersecurity Solutions

The ARIA ADR Automatic Detection & Response solution was designed to find, verify, and stop all types of attacks - automatically and in real time.

Obscure Technologies

Obscure Technologies

Obscure Technologies is a firm of experts, specialised in brokering the best security solutions to market.

Avalor

Avalor

Avalor are on a mission to help security teams make faster, more accurate decisions by making sense of their data. With Avalor you can bring in data from anywhere, normalize it and analyze it.

E-CQURITY (ECQ)

E-CQURITY (ECQ)

ECQ is a network security company offering offensive security services and solutions focused on active offensive and defensive positioning.

CheapSSLWEB

CheapSSLWEB

CheapSSLWeb.com is an affordable and trusted SSL/TLS certificate provider from globally recognized CA (Certificate Authority) Comodo, Sectigo, and Certera..