Advanced Persistent Threat Targeting Vietnamese Human Rights Defenders
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY:
A long-term intrusion targeting a Vietnamese human rights non-profit organization has been discovered, likely spanning at least four years. The attack shows significant overlaps with techniques used by APT32/OceanLotus, a threat actor known for targeting Vietnamese activists. The intrusion involved multiple persistence mechanisms, including scheduled tasks, COM object hijacking, and DLL side-loading. Various malware families were employed, such as backdoors using steganography and Java-based loaders. The attackers utilized Cobalt Strike for command and control, masquerading domains, and infrastructure designed to evade detection. This case highlights the persistent threats faced by human rights organizations from sophisticated state-sponsored actors.
OPENCTI LABELS:
apt, backdoor, cobalt strike, steganography, vietnam, persistence, com hijacking, human rights, dll side-loading