Home News APT32 Hackers Target Vietnamese Human Rights Defenders in Spyware Attacks

APT32 Hackers Target Vietnamese Human Rights Defenders in Spyware Attacks

Vietnamese hacking group APT32 launched several spyware attacks on Vietnam-based human rights defenders (HRDs).


APT32, an infamous Vietnam-backed hacking group, is suspected to be behind a cyber campaign of spyware attacks targeting Vietnamese Human Rights Defenders (HRDs) between February 2018 and November 2020, an investigation by Amnesty Tech revealed.

Also known as Ocean Lotus and APT-C-00, the hacking group sent phishing emails to two popular Vietnamese human rights defenders, one based in Germany and another in the Philippines. Reportedly, the spyware used by APT32 operators allowed them to compromise systems, read and write victims’ documents, deploy malware, and monitor their victims’ activities.

“These latest attacks by Ocean Lotus highlight the repression Vietnamese activists at home and abroad face for standing up for human rights. This unlawful surveillance violates the right to privacy and stifles freedom of expression. The Vietnamese government must carry out an independent investigation. Any refusal to do so will only increase suspicions that the government is complicit in the Ocean Lotus attacks,” said Likhita Banerji, a researcher at Amnesty Tech.

The investigation also found that Ocean Lotus is linked to numerous cyberattacks since 2013, targeting the public, private, and civil society organizations in Vietnam. The group has enough capabilities including several variants of Mac OS spyware, Android spyware, and Windows spyware.

How to defend against Ocean Lotus

Amnesty Tech recommended certain security measures to defend against threats associated with Ocean Lotus:

  • Be careful when receiving emails with attachments or links. If you did not expect to receive the email or do not know the sender, do not click on the links in the email or open attached or shared files.
  • You should pay particularly close attention to shortened links, especially on social media.
  • Be careful when a website or application asks for access to your Google account. If it asks to access your emails (read, send, delete, and manage your email), do not accept unless you have full trust in the application getting access to it.
  • Enable two-factor authentication (2FA) on all your accounts, especially on your email.
  • Make sure your operating system and applications are up to date. Avoid using pirated system software and office tools, as serious damage can be caused to your PC by malware and spyware included within the copy of the pirated software you receive.