Today's security threats have expanded in scope and seriousness. There can now be millions - or even billions - of dollars at risk when information security isn't handled properly.

The company said it took this step after it detected APT32 using its platform to spread malware in attempts to infect users.

"Our investigation linked this activity to CyberOne Group, an IT company in Vietnam (also known as CyberOne Security, CyberOne Technologies, Hành Tinh Company Limited, Planet and Diacauso)," said Nathaniel Gleicher, Head of Security Policy at Facebook, and Mike Dvilyanski, Cyber Threat Intelligence Manager.

A CyberOne spokesperson could not be reached for comment over the phone, as a previously listed phone number was offline.

APT32 used Facebook to approach targets

According to Gleicher and Dvilyanski, APT32 operated on Facebook by creating accounts and pages for fictitious personas, usually posing as activists or business entities. Using romantic or other lures, the group would often share links with their targets to various domains they either hacked or operated themselves. The links would usually lead to phishing or malware, or would even include links to Android apps that the group had managed to upload on the official Play Store, allowing them to spy on their victims.

Based on its insights into this campaign, Facebook said the group targeted entities such as:

Vietnamese human rights activists locally and abroad
Foreign governments, including those in Laos and Cambodia
and businesses across information technology, hospitality, agriculture and commodities, hospitals, retail, the auto industry, and mobile services

Facebook said that besides taking down the group's accounts and pages, they have also blocked the group's domains, so they can't be reused under new accounts APT32 might set up in the future.

The social network also shared YARA rules and malware signatures, so other social networks and security firms can also take action and protect their users.

A long string of hacks

Believed to have begun operating in 2014, the APT32 group is also often referred to as OceanLotus. Its past operations are a literal smorgasbord of activity, and the group has been linked to attacks on almost everything of interest to the Vietnamese state. This not only included the affairs of neighboring countries, but also attacks on political dissidents and activists, and even private businesses that the group might believe are of interest to the Vietnamese government.

The best example of this targeting has been the group's widespread attacks on automakers in 2019. In what experts have described as a persistent campaign to steal intellectual property to support Vietnam's state-funded fledgling automotive startup VinFast, the group hit and stole data from the likes of BMW, Hyundai, Toyota Australia, Toyota Japan, and even Toyota Vietnam, all in succession, in a small time window.

Furthermore, when the coronavirus pandemic hit the world earlier this year, APT32 also re-focused on gathering COVID-19 data, even targeting government officials in Wuhan, China, where the first cases were recorded, seeking information about the disease.

This versatility in targeting is a staple of a mature threat actor. But this versatility also extends to its arsenal of hacking tools. Social engineering, drive-by downloads, Office bugs, custom malware, abusing open-source tools, public exploits, macOS malware - the group has used them all.

Although often ignored in cyber-security reports because of its links to Vietnam, the group has often shown prowess in shifting tactics and hacking tools across the years, a sign that they have the resources and knowledge to adapt. According to Facebook, this maturity comes from the fact that behind APT32 is an actual cyber-security firm.

Facebook's attribution will be controversial & disputed

Facebook's actions are surprising, to say the least, and are bound to attract scrutiny not only from government officials in Vietnam and all the hacked countries but also from the cyber-security industry. But whether Facebook is accurate in its attribution remains to be seen.