Facebook Says Hackers Backed By Vietnam's Government Are Linked To IT Firm (arstechnica.com) 11
An anonymous reader quotes a report from Ars Technica: Facebook said it has linked an advanced hacking group widely believed to be sponsored by the government of Vietnam to what's purported to be a legitimate IT company in that country. The so-called advanced persistent threat group goes under the monikers APT32 and OceanLotus. It has been operating since at least 2014 and targets private sector companies in a range of industries along with foreign governments, dissidents, and journalists in South Asia and elsewhere. It uses a variety of tactics, including phishing, to infect targets with fully featured desktop and mobile malware that's developed from scratch. To win targets' confidence, the group goes to great lengths to create websites and online personas that masquerade as legitimate people and organizations.
Earlier this year, researchers uncovered at least eight unusually sophisticated Android apps hosted in Google Play that were linked to the hacking group. Many of them had been there since at least 2018. OceanLotus repeatedly bypassed Google's app-vetting process, in part by submitting benign versions of the apps and later updating them to add backdoors and other malicious functionality. FireEye published this detailed report on OceanLotus in 2017, and BlackBerry has more recent information here. On Thursday, Facebook identified Vietnamese IT firm CyberOne Group as being linked to OceanLotus. The group lists an address in Ho Chi Minh city.
Email sent to the company seeking comment returned an error message that said the email server was misconfigured. A report from Reuters on Friday, however, quoted a person operating the company's now-suspended Facebook page as saying: "We are NOT Ocean Lotus. It's a mistake." At the time this post went live, the company's website was also unreachable. An archive of it from earlier on Friday is here.
Earlier this year, researchers uncovered at least eight unusually sophisticated Android apps hosted in Google Play that were linked to the hacking group. Many of them had been there since at least 2018. OceanLotus repeatedly bypassed Google's app-vetting process, in part by submitting benign versions of the apps and later updating them to add backdoors and other malicious functionality. FireEye published this detailed report on OceanLotus in 2017, and BlackBerry has more recent information here. On Thursday, Facebook identified Vietnamese IT firm CyberOne Group as being linked to OceanLotus. The group lists an address in Ho Chi Minh city.
Email sent to the company seeking comment returned an error message that said the email server was misconfigured. A report from Reuters on Friday, however, quoted a person operating the company's now-suspended Facebook page as saying: "We are NOT Ocean Lotus. It's a mistake." At the time this post went live, the company's website was also unreachable. An archive of it from earlier on Friday is here.
Re: (Score:1)
Re: (Score:1)
between this group and the NSA?
Most people will readily admit and agree that the NSA does exist.
But but... (Score:5, Funny)
“CyberOne Group is the leading of #1 essential security technologies you the best compliance rates.”
— from their website. So trust them.
Influence campaigns (Score:3)
The "online personas that masquerade as legitimate people and organizations" is the most interesting part to me.
Whenever something like this is exposed, we need a searchable database of public statements the false accounts did. Wikileaks style. The public, journalists and researchers need to get an accurate look at what an influence campaign looks like - and what it doesn't look like.
Re: (Score:2)
The public, journalists and researchers need to get an accurate look at what an influence campaign looks like - and what it doesn't look like.
You mean, what it hasn't looked like yet? It can look like anything. It can include verifiable facts, it can be written in any style...
Need To Build Up That Pity (Score:2)
Before that court date coming up.
Frankly, we should just retaliate at this point (Score:1)
There's nothing to be gained from nobly crying "those aren't the rules!" and not retaliating. At this point, we should create industrial espionage units at CIA, DIA and NSA and turn them loose on China, Vietnam and anyone else who targets us with such programs.
The NSA should absolutely rape and pillage every last bit of trade secrets that Chinese manufacturers have and share it with our domestic side. Heck, hit TSMC too so we are less dependent on them when senile old Biden says "Taiwan, isn't that an appet