Mandiant cybersecurity experts: The APT (aka UNC2452) also shows two distinct clusters of activity, UNC3004 and UNC2652.
Amnesty International: Ocean Lotus targeted Vietnamese human rights defenders. The APT (aka APT32) was behind several spyware attacks between 2018 and November 2020.
Ocean Lotus (aka APT32) has coordinated several spyware attacks targeting Vietnamese human rights defenders. The group has been denounced by Amnesty International. Phishing emails sent to two prominent Vietnamese human rights defenders, one of whom lives in Germany, and to a Vietnamese NGO based in the Philippines provide evidence that the APT is responsible for the attacks between 2018 and November 2020. Cybersecurity firms have repeatedly identified the hacking group as targeting Vietnamese political dissidents, foreign governments and companies. It is responsible for numerous targeted cyber-attacks, dating back to at least 2013, on different industries, on government agencies of countries neighboring Viet Nam and on civil society organizations. It has developed sophisticated capabilities comprising several variants of macOS, Android and Windows spyware. Amnesty International shared its findings with the Viet Nam authorities and had not received a response at the time of publication.