Oceanlotus Group

Threat Actor updated 7 months ago (2024-05-04T19:08:04.110Z)
The OceanLotus Group, also known as APT32, is a threat actor suspected to originate from Vietnam. It poses a significant threat to foreign companies investing in Vietnam's manufacturing, consumer-products, consulting, and hospitality sectors, and it has also attacked governments, dissidents, and journalists in Southeast Asian countries, including Vietnam. The group's activity follows a typical 9 AM to 6 PM weekday working pattern, which points to a well-organized, professionally run operation.

OceanLotus has been observed in several cyber-espionage operations, among them Operation Cobalt Kitty, in which it targeted a global corporation in Asia. During the investigation of that operation, the cybersecurity firm Cybereason uncovered new tools in the group's arsenal, including a specific type of shellcode that the group has used consistently across its operations, and attributed a previously unreported backdoor variant, "Denis," to the group. Additionally, a malware family named KerrDown has been discovered and is believed to be employed by OceanLotus. The group's modus operandi and tooling served as behavioral fingerprints that were instrumental in attributing this large-scale cyber-espionage campaign to OceanLotus.

Despite rumors and speculation in the InfoSec community, there is no publicly available evidence confirming that the OceanLotus Group is a nation-state threat actor as of the time of writing. The group's capabilities and working methods are nonetheless well documented and pose a considerable threat to entities doing business, or preparing to invest, in Vietnam.
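The "9 AM to 6 PM on weekdays" observation above is the kind of conclusion an analyst reaches by shifting a set of UTC event timestamps (beacon check-ins, sample compile times, document creation times) across candidate time zones and looking for the offset under which the activity best fits a normal working day. The following script is an added illustration of that technique; it is not Cybereason's or any vendor's code, the method is an assumption about how such a pattern is derived rather than something the profile states, and the timestamps in it are constructed for the example, not real OceanLotus telemetry.

```python
"""Infer a likely working-hours UTC offset from event timestamps.

Added example for a threat-actor profile. Not vendor code; the sample
events below are constructed, not real telemetry.
"""
from collections import Counter
from datetime import datetime, timedelta, timezone

# Local hours counted as "in shift": 09:00 <= hour < 18:00, Monday-Friday.
WORK_START, WORK_END = 9, 18


def parse_utc(stamps):
    """Parse 'YYYY-MM-DDTHH:MM' strings that are already normalised to UTC."""
    return [datetime.strptime(s, "%Y-%m-%dT%H:%M").replace(tzinfo=timezone.utc)
            for s in stamps]


def in_shift(local):
    """True if a tz-aware local datetime falls in a weekday 09-18 working day."""
    return local.weekday() < 5 and WORK_START <= local.hour < WORK_END


def shift_fit(utc_events, offset_hours):
    """Fraction of events that land in a working day at the given UTC offset."""
    tz = timezone(timedelta(hours=offset_hours))
    hits = sum(1 for ts in utc_events if in_shift(ts.astimezone(tz)))
    return hits / len(utc_events)


def best_offset(utc_events, offsets=range(-12, 15)):
    """Return (offset, fit) for the offset whose working day explains the most
    events. Ties resolve to the first offset in iteration order."""
    best = None
    for off in offsets:
        fit = shift_fit(utc_events, off)
        if best is None or fit > best[1]:
            best = (off, fit)
    return best


def hour_histogram(utc_events, offset_hours):
    """Count events per local hour at a given offset, for a sanity-check plot."""
    tz = timezone(timedelta(hours=offset_hours))
    return Counter(ts.astimezone(tz).hour for ts in utc_events)


# Constructed sample: eight UTC timestamps of the kind a defender might export
# from C2 logs. Six sit inside a UTC+7 weekday shift, two are deliberate noise.
SAMPLE_EVENTS_UTC = [
    "2023-03-06T02:05",  # Mon 09:05 at UTC+7 (edge case: 08:05 at UTC+6)
    "2023-03-06T10:50",  # Mon 17:50 at UTC+7 (edge case: 18:50 at UTC+8)
    "2023-03-07T03:30",  # Tue 10:30 at UTC+7
    "2023-03-08T07:15",  # Wed 14:15 at UTC+7
    "2023-03-09T04:00",  # Thu 11:00 at UTC+7
    "2023-03-10T09:40",  # Fri 16:40 at UTC+7
    "2023-03-11T06:00",  # Saturday: outside any weekday shift
    "2023-03-07T15:30",  # Tue 22:30 at UTC+7: after hours
]

if __name__ == "__main__":
    events = parse_utc(SAMPLE_EVENTS_UTC)
    off, fit = best_offset(events)
    print(f"best fit UTC{off:+d}: {fit:.0%} of events inside a weekday 09-18 shift")
    print(sorted(hour_histogram(events, off).items()))
```

The two edge-case events are what make the result discriminating: with only mid-day samples, neighbouring offsets (UTC+6, UTC+8) would score just as well, which is the usual caveat with this method. In practice you need many events spread across the day, and the output is a working-hours hypothesis to weigh alongside other evidence, not proof of geography.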
Description last updated: 2024-04-09T05:15:34.104Z
Possible Aliases / Cluster overlaps
Tracking cluster overlaps and naming conventions between vendors is hard, so the following overlapping names / profiles may also be worth a look.
Alias: APT32 (votes: 2)
Description: APT32 is a possible alias for Oceanlotus Group. APT32, also known as OceanLotus Group, APT-C-00, Canvas Cyclone, and Cobalt Kitty, is a threat actor group suspected to originate from Vietnam. Active since at least 2012, this group has targeted foreign companies investing in Vietnam's manufacturing, consumer products, consulting, and hospitality s