Facebook Fingers Vietnamese APT Group

Uploaded on 2021-01-04 in TECHNOLOGY-Key Areas-Social Media, TECHNOLOGY--Hackers, FREE TO VIEW

Social media giant Facebook has revealed that it has disrupted the activity of two groups of hackers, one operating from Vietnam and the other from Bangladesh. If these attacks are confirmed, it would be a rare instance of suspected state-backed hackers being tracked down by a social media organisation.

Facebook has accused the Vietnamese IT enterprise CyberOne Team of harbouring concrete inbound links with the infamous hacking collective called APT32, also known as OceanLotus. Facebook's actions are surprising and are certain to attract scrutiny not only from government officials in Vietnam and across the cyber security industry at large.

APT32 is a Vietnamese group that is been mainly connected with targeting human rights activists regionally and international governments abroad, as well as many providers in several industries.Facebook says these groups were engaged in espionage activities, attempting to compromise accounts to gain access to information of interest. Not connected to one another, the groups targeted individuals on Facebook and other online platforms, employing a variety of tactics.

Facebook’s threat intelligence experts are working to stop such attacks as malware threats and hacking platforms and accounts by nation state adversaries and criminal hackers. As part of this work Facebook will notify users if they need to protect their accounts. “The latest activity we investigated and disrupted has the hallmarks of a well-resourced and persistent operation focusing on many targets at once, while obfuscating their origin,” said Facebook’s head of security policy Nathaniel Gleicher. “We shared our findings including YARA rules and malware signatures with our industry peers so they too can detect and stop this activity. To disrupt this operation, we blocked associated domains from being posted on our platform, removed the group’s accounts and notified people who we believe were targeted by APT32.”

Facebook has not explained the exact links between OceanLotus and CyberOne Group, however, and the company itself has denied all affiliations with the group. “We are NOT Ocean Lotus,” an individual operating the firm’s now-suspended Facebook page told Reuters. “It’s a mistake.”

Neither has Facebook explained the exact nature of its evidence, suggesting that doing so would make the group more difficult to track in the future, although this apparently includes online infrastructure, malicious code, and other hacking tools and techniques.

OceanLotus built custom malware capable of detecting the type of operating system a target uses, before sending a tailored payload that executes the malicious code. The malware propagation technique involves an attack method known as a watering hole attack, in which hackers compromise websites and create their own to include obscured malicious JavaScript elements to track victims’ browser information. 

The Bangladesh-based group targeted local activists, journalists and religious minorities, including those living abroad, to compromise their accounts and have some of them disabled by Facebook for violating its Community Standards policy. Facebook's investigation linked this activity to two non-profit organisations in Bangladesh: Don’s Team (also known as Defense of Nation) and the Crime Research and Analysis Foundation (CRAF). who appeared to be operating across a number of internet services. 

Facebook      Reuters:     ITPro:     Dhaka Tribune:      Security Week:        ZDNet:       

You Might Also Read:

Vietnam Says Facebook  Is Acting Illegally:

 

« How Nation States Use Their Cyber Power
Julian Assange Will Not Face Trial In The US - Yet »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Snort

Snort

Snort is an open source intrusion prevention system capable of real-time traffic analysis and packet logging.

AA Certification (AAC)

AA Certification (AAC)

AAC provide ISO Quality Management System certification services including ISO 27001.

Advanced Resource Managers (ARM)

Advanced Resource Managers (ARM)

ARM provide specialist recruitment services for technology and engineering including cyber security.

Singapore Cybersecurity Consortium

Singapore Cybersecurity Consortium

Singapore Cybersecurity Consortium was created to encourage use-inspired research, training and technology awareness in cybersecurity.

Secured Communications

Secured Communications

Secured Communications has developed the only unified secure communications platform trusted by public safety and counter terrorism professionals around the world.

Digital Craftsmen Ltd

Digital Craftsmen Ltd

We're ISO27001 & Cyber Essentials Cybersecurity experts, delivering full cloud security and managed services. We take a bespoke approach for each client from hosting, optimising & securing them online

AgileBlue (Agile1)

AgileBlue (Agile1)

AgileBlue (formerly Agile1) is a managed breach detection company with an Autonomous SOC-as-a-Service for 24×7 monitoring, detection and guided response.

Matrixforce

Matrixforce

Matrixforce is a vetted IT support provider that uses the patented Delta Method of streamlining technology for financial and professional service firms to reduce complexity and avoid risk.

Grindstone Ventures

Grindstone Ventures

Grindstone Ventures is a post-seed fund that supports post-seed equity and quasi-equity investments in early-stage innovation-driven and/or technology companies.

Detego Global

Detego Global

Detego Global are the creators of the Detego® Unified Digital Forensics Platform, a suite of modular tools used globally by military, law enforcement and intelligence agencies, and enterprises.

Tidelift

Tidelift

Tidelift provides the tools, data, and strategies that help organizations assess risk and improve the health, security, and resilience of the open source used in their applications.

Turk Telekom

Turk Telekom

Turk Telekom is the first integrated telecommunications operator in Turkey.

Pistachio

Pistachio

Pistachio is the new evolution of cybersecurity awareness training and attack simulations.

CyberSecureRIA

CyberSecureRIA

We founded CyberSecureRIA specifically to secure and support RIAs. We exist to secure SEC-registered RIAs, and keep them compliant with cybersecurity regulations.

Sublime Security

Sublime Security

Sublime is an adaptive email security platform that combines best-in-class effectiveness with unprecedented visibility and control.

HCLTech

HCLTech

HCLTech is a global technology company delivering industry-leading capabilities centered around digital, engineering, cloud and AI, powered by a broad portfolio of technology services and products.