Cybersecurity investigators at Facebook have just spotted a group of hackers suspected of spying for the Vietnamese government for a long time, naming a technology company in Ho Chi Minh City. Reuters reported on December 12 of the US-based social networking site, saying that if the information is confirmed, this will be the first time Facebook has publicly announced the hacking activity, and it is also the rare instance of a group of alleged state-backed hackers being monitored by a particular organization.
The known APT32 hacker group, also known as OceanLotus, has been accused for years of tracking down dissidents, businesses and foreign officials.
Earlier this year, Reuters reported that a group of hackers attempted to break into China’s Emergency Management Department and the authorities in Wuhan when the first outbreak of COVID-19 spread. This event is believed to be related to why Vietnam responded so quickly and effectively to the prevention of outbreaks in the first place.
Facebook said it found a link between the previously alleged cyber attacks by OceanLotus and a Vietnamese company called CyberOne Group, or Planet Company.
“We are not OceanLotus,” a Facebook operator (currently suspended) of the company in Vietnam told Reuters. “That is a mistake.”
Vietnam’s Ministry of Foreign Affairs has not yet responded to a request for comment from the British news agency. The ministry has previously denied being involved in OceanLotus’ attacks.
Facebook said the hackers used their platforms to carry out a variety of cyber-attacks. Some of them use fake accounts to deceive their targets by pretending to be activists, businesses, and possibly love seekers.
Nathaniel Gleicher, Facebook’s head of cybersecurity policy, said his team found technical evidence linking CyberOne’s Facebook page to accounts used in the hacking campaign as well as to the other attacks of OceanLotus.
Gleicher declined to detail the evidence on reasons that it would make it harder for the team to track hackers in the future but said the techniques related to online infrastructure, malware, and other Other attack tools and techniques.
OceanLotus is said not to be “well known” in the West than hacker groups backed by China and Russia but is well known for its strong activities in Southeast Asia.
Some experts believe the group has been in operation since at least 2013 and has “all the signs of a state-backed organization supporting the Vietnamese government.”