APT32
State-backed: Vietnam
Associated Groups : SeaLotus, OceanLotus, APT-C-00
Estimated time of origin: 2014
Target: Foreign companies doing business in Vietnam.
Strategy : Phishing campaign exploiting Adobe Flash (CVE-2015-3113 & CVE-2015-5119) and bypass Address Space Layout Randomization (ASLR), and uses Return-Oriented Programming (ROP) to bypass Data Execution Prevention (DEP).
Malwares:
Noteworthy:
- Targeting business doing business in Vietnam.
Reference
FireEye: Cyber Espionage is Alive and Well MITRE ATT&CK