The security firm Volexity reported on Monday that it uncovered a massive campaign of digital surveillance and web-based attacks directed at ASEAN, the Association of Southeast Asian Nations, and at civil society groups in Vietnam, Cambodia and other countries.
Volexity researchers discovered malicious code lurking on the main website for ASEAN and more than 80 other websites, many belonging to small media, human rights and civil society organizations, as well as individuals who had been critical of the Vietnamese government. The malicious code allowed the hacking group, dubbed OceanLotus, to track, profile and target visitors to the websites, Volexity said.
The scope of the campaign was one of the largest the researchers have ever come across, rivaling the so-called “Waterbug” campaign of phishing and watering hole attacks that was described by the security firm Symantec in 2016.
Links to Vietnam
OceanLotus is believed to be an Advanced Persistent Threat (or APT) group, also known as APT 32, that appears to be operating out of Vietnam. And, while that country is not typically listed among the top producers of offensive cyber campaigns, Volexity said OceanLotus “has rapidly advanced its capabilities and is now one of the more sophisticated APT actors currently in operation.” The close association of the observed targets with actors critical of the Vietnamese government suggests that the OceanLotus group is a nation-backed operation that has been rapidly developing a highly skilled and organized computer network exploitation (CNE) capability, the company said in its report.
A large-scale operation
Activities by hacking groups linked to nation states have increased in the five years since the Stuxnet campaign first came to light. In a report released by the Council on Foreign Relations, 16 different nations were found to be sponsoring cyber operations, including the United States. Vietnam is among those nations, with campaigns targeting civilians and other groups dating back to 2010.