Security is Everyone's Job

APT 32

APT 32 is another cyber espionage group, suspected of being linked to the Vietnamese government and its interests.

The group has been active since at least 2014 and has targeted various entities and sectors, such as foreign companies operating in Vietnam, human rights activists, media outlets, and neighboring governments.


Attack types

METALJACK, LUCKYBIRD, SLOWGYRO, and DUCKFAT: These are Python-based implants that can perform various functions, such as file transfer, command execution, credential theft, and data exfiltration.

PlugX: This is a remote access trojan (RAT) that can perform various malicious activities, such as file manipulation, process injection, keylogging, and screen capture.

TONESHELL: This is a custom shellcode loader that can execute encrypted payloads in memory.

C4: This is a tool that can open a Windows Command Shell on a remote host.