1. Research APT32 or APT41 (choose one). Include:
   • Their known tactics, techniques, and procedures (TTPs)
   • Countries/industries targeted
   • Malware/ransomware families they deploy (e.g., Cobalt Strike, ShadowPad, etc.)

What kind of indicators of compromise (IOCs) would you monitor for?

APT 32: Also known as OceanLotus, is a cyber-espionage group that has been active since at least 2014. It is believed to be state-sponsored and linked to the Vietnamese government, though Vietnam has denied this.

Tactics, Techniques, and Procedures (TTPs)

APT32 uses a range of sophisticated techniques, including:

1. Spear Phishing

• APT32 delivers malware through targeted spear-phishing emails by attaching malicious attachments or links to emails.
• Often disguised as legitimate business communications and reach out to their prey via compromised websites.

2. Custom Malware

They use their own tailored malware families, such as KerrDown, Denes, Remy, PHOREAL (Rizzo), and loaders utilizing steganography embedded in PNG files to evade detection.

3. Living off the Land (LotL) Techniques

• They misuse legitimate tools like PowerShell, WMIC, scheduled tasks, and Windows registry autoruns to persist stealthily.

4. Backdoors & Payloads

• Deploys custom backdoors that allow long-term access to systems, often using HTTPS to hide in regular traffic.

5. Persistence & Evasion

• Uses obfuscation, encryption, and fileless techniques to avoid antivirus software and endpoint detection.

Targeted Countries and Industries

Countries: The group targets organizations in various industries in Vietnam and other Southeast Asian countries. Iran, Japan, Laos, Malaysia, Myanmar, Nepal, Netherlands, Philippines, Singapore, South Korea, Thailand, UK, USA, Vietnam, Australia, Bangladesh, Brunei, Cambodia, China, Denmark, Germany, India.

Target sectors: The targets of the Ocean Lotus group are generally foreign companies with significant success and interests in Vietnam’s hospitality, manufacturing, and consumer goods sectors. As well as the private sector, the Ocean Lotus group targets politicians and journalists opposed to the Vietnamese government.