We Live Security reports: “ESET security researchers have released a new whitepaper which dissects the latest additions to the malicious toolkit of the Advanced Persistent Threat (APT) group known as OceanLotus. In the whitepaper, ESET shows how OceanLotus’ latest backdoor is able to execute its malicious payload on a system. Its process of installation relies heavily on a decoy document sent to a potential person of interest. The group has been observed to utilise several methods in a bid to trick potential victims into running malicious droppers, including double extension and fake icon applications (e.g. Word, PDF, etc.).
“Also known as APT32 or APT C-00, OceanLotus typically targets company and government networks in East-Asian countries, particularly Vietnam, the Philippines, Laos and Cambodia. Last year, in an incident dubbed Operation Cobalt Kitty, the group targeted the top-level management of a global corporation based in Asia with the goal of stealing proprietary business information. It is often assumed that the group is based in Vietnam.”