Sciextor

APT 32

APT 32 is another cyber espionage group that is suspected to be linked to the Vietnamese government and its interests

The group has been active since at least 2014, and has targeted various entities and sectors, such as foreign companies operating in Vietnam, human rights activists, media outlets, and neighboring governments

History

• In 2020, the group was involved in a campaign that used COVID-19-themed phishing emails to deliver malware to Chinese government agencies and other organization.
• In 2019, the group was linked to a software supply chain attack that leveraged a legitimate Android app to deliver spyware to users in Cambodia .
• In 2018, the group was exposed for conducting a long-term cyber espionage operation against a global hospitality developer that was competing with a Vietnamese company for a lucrative contract .
• In 2017, the group was discovered to have compromised the websites of several Vietnamese dissidents and human rights organizations to collect information and track their visitors .

Attack types

METALJACK, LUCKYBIRD, SLOWGYRO, and DUCKFAT: These are Python-based implants that can perform various functions, such as file transfer, command execution, credential theft, and data exfiltration

PlugX: This is a remote access trojan (RAT) that can perform various malicious activities, such as file manipulation, process injection, keylogging, and screen capture

TONESHELL: This is a custom shellcode loader that can execute encrypted payloads in memory

C4: This is a tool that can open a Windows Command Shell on a remote host