Facebook Fingers Vietnamese APT Group

Social media giant Facebook has revealed that it has disrupted the activity of two groups of hackers, one operating from Vietnam and the other from Bangladesh. If these attacks are confirmed, it would be a rare instance of suspected state-backed hackers being tracked down by a social media organisation.

Facebook has accused the Vietnamese IT enterprise CyberOne Team of having concrete links with the infamous hacking collective known as APT32, also called OceanLotus. Facebook's actions are surprising and are certain to attract scrutiny, not only from government officials in Vietnam but also from the cyber security industry at large.

APT32 is a Vietnamese group that has mainly been linked with targeting human rights activists in the region and foreign governments abroad, as well as many providers in several industries. Facebook says these groups were engaged in espionage activities, attempting to compromise accounts to gain access to information of interest. Not connected to one another, the groups targeted individuals on Facebook and other online platforms, employing a variety of tactics.

Facebook’s threat intelligence experts work to stop attacks such as malware distribution and the hacking of platforms and accounts by nation state adversaries and criminal hackers. As part of this work, Facebook will notify users if they need to protect their accounts. “The latest activity we investigated and disrupted has the hallmarks of a well-resourced and persistent operation focusing on many targets at once, while obfuscating their origin,” said Facebook’s head of security policy Nathaniel Gleicher. “We shared our findings including YARA rules and malware signatures with our industry peers so they too can detect and stop this activity. To disrupt this operation, we blocked associated domains from being posted on our platform, removed the group’s accounts and notified people who we believe were targeted by APT32.”

However, Facebook has not explained the exact links between OceanLotus and CyberOne Group, and the company itself has denied any affiliation with the group. “We are NOT Ocean Lotus,” an individual operating the firm’s now-suspended Facebook page told Reuters. “It’s a mistake.”

Neither has Facebook explained the exact nature of its evidence, suggesting that doing so would make the group more difficult to track in the future, although this apparently includes online infrastructure, malicious code, and other hacking tools and techniques.

OceanLotus built custom malware capable of detecting the type of operating system a target uses before sending a tailored payload that executes the malicious code. The malware propagation technique is a watering hole attack, in which the hackers compromise existing websites, or create their own, and plant obscured malicious JavaScript that collects victims’ browser information.
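A defender-side illustration of the watering hole pattern described above (an added example, not code from the article, from Facebook or from OceanLotus): a heuristic scanner that flags inline scripts on a web page which both read browser-fingerprinting properties and show signs of obfuscation. The API list, the obfuscation patterns, the thresholds and the sample HTML are all constructed for the example.

```python
import re
from html.parser import HTMLParser
# Browser-fingerprinting properties a watering-hole script typically reads.
FINGERPRINT_APIS = ("navigator.userAgent", "navigator.platform",
                    "navigator.plugins", "navigator.language", "screen.width")
# Indicators that the script body has been obscured.
OBFUSCATION = (
    re.compile(r"\beval\s*\("),
    re.compile(r"\bunescape\s*\("),
    re.compile(r"String\.fromCharCode"),
    re.compile(r"(\\x[0-9a-fA-F]{2}){8,}"),      # long \xNN escaped runs
    re.compile(r"[A-Za-z0-9+/]{120,}={0,2}"),     # long base64-like blob
)

class _ScriptExtractor(HTMLParser):
    """Collect the bodies of all inline <script> elements."""
    def __init__(self):
        super().__init__()
        self._in_script = False
        self.scripts = []
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
            self.scripts.append("")
    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False
    def handle_data(self, data):
        if self._in_script:
            self.scripts[-1] += data

def score_script(src):
    """Return (fingerprint API hits, obfuscation indicator hits) for one script."""
    fp = sum(1 for api in FINGERPRINT_APIS if api in src)
    ob = sum(1 for pat in OBFUSCATION if pat.search(src))
    return fp, ob

def find_suspicious_scripts(html, min_fp=2, min_ob=1):
    """Inline scripts that both fingerprint the browser and look obfuscated."""
    parser = _ScriptExtractor()
    parser.feed(html)
    parser.close()
    return [s for s in parser.scripts
            if score_script(s)[0] >= min_fp and score_script(s)[1] >= min_ob]
# Constructed sample: a plain analytics snippet plus an injected block.
SAMPLE_HTML = """<html><body><h1>News</h1>
<script>var ua = navigator.userAgent; track(ua);</script>
<script>var u=navigator.userAgent,p=navigator.platform,l=navigator.language;
eval(unescape('%76%61%72%20%78%3d%31'));</script>
</body></html>"""
```

Run over pages fetched from sites an organisation's staff visit, this kind of check surfaces injected fingerprinting code for analyst review; it is a triage heuristic, not a replacement for the shared YARA rules and signatures.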

The Bangladesh-based group targeted local activists, journalists and religious minorities, including those living abroad, to compromise their accounts and have some of them disabled by Facebook for violating its Community Standards policy. Facebook's investigation linked this activity to two non-profit organisations in Bangladesh, Don’s Team (also known as Defense of Nation) and the Crime Research and Analysis Foundation (CRAF), which appeared to be operating across a number of internet services.

Sources: Facebook, Reuters, ITPro, Dhaka Tribune, Security Week, ZDNet
