Vietnamese hacking operation APT32, also known as APT-C-00, OceanLotus, Cobalt Kitty, and Canvas Cyclone, has bombarded a Vietnam-based human rights nonprofit organization with multiple malicious payloads as part of an attack campaign that has been ongoing since at least 2020, reports The Hacker News.
APT32's most recent attacks involved the compromise of four hosts with different Windows Registry keys and scheduled tasks that facilitated Google Chrome cookie exfiltration and the deployment of Cobalt Strike beacons and embedded DLL payload loaders, an analysis from Huntress showed. "This intrusion has a number of overlaps with known techniques used by the threat actor APT32/OceanLotus, and a known target demographic which aligns with APT32/OceanLotus targets," said Huntress researchers. Browser-stored credentials have also been targeted by a separate ongoing attack campaign against South Korea that involved the exploitation of Microsoft Exchange servers and spearphishing techniques.