Daily Tech News, Interviews, Reviews and Updates

Facebook turns vigilante, doxes APT32 linking Vietnam’s primary hacking group to local IT firm

Facebook’s security team announced on Thursday that it believes the APT32,one of the most active state-sponsored hacking groups, has been linked to the Vietnamese government. 

The company reportedly took this step after suspecting that the APT32 was using its platform to spread malware in attempts to infect users.


“Our investigation linked this activity to CyberOne Group [archived website, archived Facebook page], an IT company in Vietnam (also known as CyberOne Security, CyberOne Technologies, Hành Tinh Company Limited, Planet and Diacauso),” said Nathaniel Gleicher, Head of Security Policy at Facebook, and Mike Dvilyanski, Cyber Threat Intelligence Manager.


According to the investigation, ATP32 had been operating on facebook through fake personal accounts and pages, usually posing as activists or business entities. These groups would then often share links with their targets that would either lead to phishing attacks or malware. The group has managed to even include links to android apps on the playstore that they then use to spy on their targets. 


The targeted entities according to Facebook are as follows: 

  1. Vietnamese human rights activists locally and abroad
  2. Foreign governments, including those in Laos and Cambodia
  3. Non-governmental organizations
  4. News agencies
  5. and, businesses across information technology, hospitality, agriculture and commodities, hospitals, retail, the auto industry, and mobile services

Especially worrying is the targeting of human rights activists. Facebook has taken down the group’s accounts and pages and blocked the group’s domains preventing them from reusing it again. They have also shared YARA rules and malware signatures, so other social networks and security firms can also take action and protect their users.

The ATP32 is believed to have been operating since 2014, dubbed sometimes as the OceanLotus. In addition to targeting their attacks on political dissidents and activists, they have been also targeting private businesses that might be of particular interest to the Vietnamese government. During a time when the DOJ is stepping on Facebook and it’s Section 230 privileges, the doxing move by Facebook might either be praised or seen as overstepped. 

Readers like you help support The Tech Outlook. When you make a purchase using links on our site, we may earn an affiliate commission. We cannot guarantee the Product information shown is 100% accurate and we advise you to check the product listing on the original manufacturer website. Thetechoutlook is not responsible for price changes carried out by retailers. The discounted price or deal mentioned in this item was available at the time of writing and may be subject to time restrictions and/or limited unit availability. Amazon and the Amazon logo are trademarks of Amazon.com, Inc. or its affiliates Read More
You might also like

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More