The OceanLotus hacking group is back with a new campaign in 2019, complete with new exploits, decoys, and self-extracting malicious archives.
Also known as APT32, SeaLotus, APT-C-00, and Cobalt Kitty, OceanLotus is a hacking group which operates across Asia and focuses on gathering valuable intel on corporate, government, and political entities across Vietnam, the Philippines, Laos, and Cambodia.
Human rights outfits, the media, research institutes, and maritime construction firms are the hackers’ preferred targets, and past attacks against these types of organizations have been linked to their campaigns.
The threat actors have been leveraging new tactics this year. ESET researchers said in a blog post on Wednesday that of particular interest is the use of publicly available exploits, tailored for use in OceanLotus phishing attempts, for CVE-2017-11882, a memory corruption vulnerability present in Microsoft Office.