In a surprising report from Facebook’s security team, they revealed that they believe the identity of APT32, also known as OceanLotus, is the cybersecurity firm CyberOne Group. OceanLotus, a threat group believed to do work on behalf of the government of Vietnam, has been around since 2014 and has carried out attacks from espionage to cryptocurrency scams. The group carried out a wide-spread campaign in 2019 that targeted automakers around the world. The groups also targeted Wuhan, China in an intelligence-gathering attack at the beginning of the COVID-19 pandemic. According to Facebook, the group would create falsified Facebook accounts pretending to be activists or companies and use their accounts to lure victims by sharing links to domains that they controlled. The links typically lead to phishing websites or malware. Some of the attacks tricked targeted people into downloading Android malware that the OceanLotus group managed to upload to the Google Play store. Facebook took down the accounts and blocked the known domains to prevent the group from using them in the future.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in