For the last few months, the threat group OceanLotus, also known as APT32 and APT-C-00, has been carrying out a watering hole campaign targeting several websites in Southeast Asia.

The campaign has been active since September 2018 and has compromised the sites of the Ministry of Defense of Cambodia, the Ministry of Foreign Affairs and International Cooperation of Cambodia and several Vietnamese newspaper and blog websites, according to a Nov. 20 blog post.

The most recent campaign appears to be an evolution of a watering hole scheme Volexity researchers dubbed OceanLotus Framework B in 2017, with new updates including the use of public key cryptography to exchange an AES session key to further communication and prevent security products from intercepting the final payload.

Please register to continue.

Already registered? Log in.

Once you register, you'll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.