• About Us
  • Contact
  • Careers
  • Send Us a Tip
Menu
  • About Us
  • Contact
  • Careers
  • Send Us a Tip
CyberNews logo
Newsletter
  • Home
  • News
  • Editorial
  • Security
  • Privacy
  • Resources
Menu
  • Home
  • News
  • Editorial
  • Security
  • Privacy
  • Resources
CyberNews logo

Home » News » Facebook tracks ‘OceanLotus’ hackers to IT firm in Vietnam

Facebook tracks ‘OceanLotus’ hackers to IT firm in Vietnam

by Reuters
11 December 2020
in News
0
Facebook tracks ‘OceanLotus’ hackers to IT firm in Vietnam

The now-suspended Facebook page for the CyberOne Security is seen in this photo illustration taken in Washington, U.S., December 10, 2020. Picture taken December 10, 2020. REUTERS/Raphael Satter

9
SHARES

Cybersecurity investigators at Facebook have traced a hacking group long suspected of spying on behalf of the Vietnamese government to an IT company in Ho Chi Minh City. 

The announcement on Friday is the first time Facebook has publicly exposed an offensive hacking operation and, if confirmed, would be a rare case of suspected state-backed cyberspies being tracked to a specific organisation.

The hackers, known as OceanLotus or APT32, have been accused for years of spying on political dissidents, businesses and foreign officials. Reuters reported this year that the group had attempted to break into China’s Ministry of Emergency Management and the government of Wuhan as the COVID-19 outbreak first spread.

Facebook said it had found links between cyberattacks previously attributed to OceanLotus and a Vietnamese company called CyberOne Group, which lists an address on a sidestreet in a commercial district of Ho Chi Minh city. 

CyberOne Group denied being connected to the hackers.

“We are NOT Ocean Lotus,” a person operating the company’s now-suspended Facebook page said when contacted by Reuters. “It’s a mistake.”

Vietnam’s foreign ministry, which handles enquiries from international media, did not immediately respond to a request for comment. The ministry has previously denied connections to OceanLotus attacks. 

Facebook said the hackers had used its platforms to carry out a range of cyberattacks, some of which employed fake accounts to trick targets by posing as activists, businesses and possible love interests.

Nathaniel Gleicher, Facebook’s head of cybersecurity policy, said his team had found technical evidence that linked CyberOne’s Facebook page to accounts used in the hacking campaign, as well as to other OceanLotus attacks.

He declined to detail the exact evidence, saying to do so would make the group more difficult to track in the future. But he said it included online infrastructure, malicious code, and other hacking tools and techniques. 

“The actors in this space use some very defined techniques and if we are too public about how we observe those, it really does harm our ability to catch more of this,” Gleicher said.

Movie theatre and yoga

Although OceanLotus has not gained the level of notoriety in the West as some suspected Chinese and Russian state-backed hacking operations, it has been prolific in southeast Asia.

Ben Read, a senior manager at U.S. cybersecurity firm FireEye, and Marc-Étienne Léveillé, a researcher at Slovakian software security group ESET, said the hacking activity uncovered by Facebook matched operations attributed to OceanLotus.

Read said OceanLotus had been active since at least 2013 and had “all the hallmarks of a substantial state-backed organisation acting in support of Vietnamese government”.

Facebook said it did not have sufficient evidence to attribute OceanLotus beyond CyberOne Group, which it said has also used the names CyberOne Security, CyberOne Technologies, Hành Tinh Company Limited, Planet and Diacauso.

CyberOne reveals little information about itself on its website, saying only that it has around 200 employees providing a range of “essential security technologies”.

A careers page that was removed shortly after Reuters contacted the company advertised positions for people with hacking skills and experience in malware analysis. Recruiters boasted of a generous benefits package, including free meals, a mini movie theatre and after-work yoga. 

In Vietnam, Facebook is navigating a standoff with government officials who have threatened to ban it if it does not agree to censorship demands.

Reuters reported in April that Facebook had complied with a government request to increase its censorship of “anti-state” posts after its servers in Vietnam were taken offline, slowing traffic there to a crawl.

(Additional reporting by Raphael Satter in Washington; Editing by Peter Graff)

Share9TweetShareShare

Related Posts

Italy consumer association sues Apple for planned iPhone obsolescence

Italy consumer association sues Apple for planned iPhone obsolescence

25 January 2021
Makers of Sophia the robot plan mass rollout amid pandemic

Makers of Sophia the robot plan mass rollout amid pandemic

25 January 2021
Elon Musk

Elon Musk to offer $100 million prize for ‘best’ carbon capture tech

22 January 2021
Alphabet shutting Loon, which used balloon alternative to cell towers

Alphabet shutting Loon, which used balloon alternative to cell towers

22 January 2021
Next Post
Apple is sued by rival over alleged App Store monopoly

Apple is sued by rival over alleged App Store monopoly

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

I agree to the Terms & Conditions and Privacy Policy.

Popular News

  • 70TB of Parler users’ messages, videos, and posts leaked by security researchers

    70TB of Parler users’ messages, videos, and posts leaked by security researchers

    83034 shares
    Share 83024 Tweet 0
  • The ultimate guide to safe and anonymous online payment methods in 2021

    13 shares
    Share 13 Tweet 0
  • Facebook is tracking you: learn how to delete all Facebook data

    57 shares
    Share 57 Tweet 0
  • ProtonMail review: have we found the most secure email provider in 2021?

    69 shares
    Share 69 Tweet 0
  • Custom mechanical keyboards – 17 coolest ones we’ve ever seen

    442 shares
    Share 441 Tweet 0
Teespring data leaked on hacker forum

8+ million Teespring user records leaked on hacker forum

25 January 2021
Italy consumer association sues Apple for planned iPhone obsolescence

Italy consumer association sues Apple for planned iPhone obsolescence

25 January 2021
Google on laptop and mobile

Google vs Australia: The Battle of the Precedents

25 January 2021
Makers of Sophia the robot plan mass rollout amid pandemic

Makers of Sophia the robot plan mass rollout amid pandemic

25 January 2021
Elon Musk

Elon Musk to offer $100 million prize for ‘best’ carbon capture tech

22 January 2021
Is there life on Mars?

Is there life on Mars?

22 January 2021
Newsletter

Subscribe for security tips and CyberNews updates.

Email address is required. Provided email address is not valid. You have been successfully subscribed to our newsletter!
Categories
  • News
  • Editorial
  • Security
  • Privacy
  • Resources
  • VPNs
  • Password Managers
  • Secure Email Providers
  • Antivirus Software Reviews
Tools
  • Personal data leak checker
  • Strong password generator
About Us

We aim to provide you with the latest tech news, product reviews, and analysis that should guide you through the ever-expanding land of technology.

Careers

We are hiring.

  • About Us
  • Contact
  • Send Us a Tip
  • Privacy Policy
  • Terms & Conditions
  • Vulnerability Disclosure

© 2021 CyberNews

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy Policy.

Home

News

Editorial

Security

Privacy

Resources

  • In the News
  • Contact
  • Careers
  • Send Us a Tip

© 2020 CyberNews – Latest tech news, product reviews, and analyses.

Subscribe for Security Tips and CyberNews Updates
Email address is required. Provided email address is not valid. You have been successfully subscribed to our newsletter!