OceanLotus
High Confidence • High Threat
APT32 • Canvas Cyclone • SeaLotus • APT-C-00 • BISMUTH • OCEAN BUFFALO +1 more
OceanLotus, also known as APT32 and Canvas Cyclone, is a sophisticated cyber espionage group with suspected ties to the Vietnamese government. Active since at least 2012, the group primarily targets a wide range of industries and government entities across Southeast Asia, with a particular focus on Vietnam, the Philippines, Laos, and Cambodia. Their operations have also extended to the United States and Europe. OceanLotus is known for its persistent and adaptive nature, often tailoring its tools and techniques to specific targets and security measures. The group's primary motivation is espionage, focusing on stealing proprietary business information and intellectual property. They have a history of targeting foreign corporations with interests in Vietnam's manufacturing, consumer products, and hospitality sectors, as well as automotive companies, media organizations, and human rights groups. OceanLotus employs a variety of tactics, including strategic web compromises and spear-phishing campaigns, to gain initial access to target networks. They are known for their use of both custom-developed and publicly available malware and tools, including Cobalt Strike and Mimikatz, to achieve their objectives.
Target Sectors
Target Regions
Attributed to State-Sponsored (Vietnam). Attribution confidence: High.
Future Outlook
OceanLotus is expected to continue operations targeting Government.
First observed activity
Ongoing operations