APT32
APT32 is a suspected Vietnam-based threat group that has been active since at least 2014. The group has targeted multiple private sector industries as well as foreign governments, dissidents, and journalists with a strong focus on Southeast Asian countries like Vietnam, the Philippines, Laos, and Cambodia. They have extensively used strategic web compromises to compromise victims.
Attribution signal
Score = mentions × confidence weight, summed across all attributed sources. Higher source diversity increases the score.
≥ 10: High; ≥ 3: Moderate; < 3: Low
Attribution signals
4 mentions · 1 source
"Antiy discovered that the Oceanlotus organization, in cyberattacks targeting China, pre-compromised public network routers, cameras, and other IoT devices scattered across important provinces and cities in China through weak credential brute-forcing and vulnerability exploitation to serve as jump-off points, installing traffic forwarding tools, and relaying the theft and control traffic of the Torii remote control trojan through one or multiple jump-off points to the real Torii command and co..."
"OceanLotus group suspected of uploading malicious wheel packages on PyPI"
"OceanLotus suspected of using PyPI to deliver ZiChatBot malware"
"we believe the packages may be linked to malware discussed in a Threat Intelligence report on OceanLotus"
Hedge terms observed