
Facebook Inc. (NASDAQ:FB) security has revealed the real identity of APT32, a cyber-espionage group linked to the Vietnamese government. The company said that it closed several accounts linked to the group, which is also called OceanLotus and APT-C-00.

Facebook shuts APT32’s accounts

According to Facebook, the hacking group conducted phishing and malware attacks targeted at Chinese entities to collect information on the coronavirus crisis. The group has been operational since 2021 and mostly targets foreign governments, journalists, dissidents, and various industries. Facebook shut down accounts related to the group after it established that they were spreading malware to infect users.

Mike Dvilyanski, Facebook’s Cyber Threat Intelligence Manager, and Nathaniel Gleicher, Head of Security Policy, said that their investigation linked APT32 to the malicious activity. The executives said in a joint statement that APT32 is an advanced persistent threat actor based in Vietnam. The group has targeted foreign governments such as Cambodia and Laos, NGOs, news agencies, and several businesses in the IT, hospitality, auto, retail, and mobile services industries with malware. They said that the malicious activity is linked to the CyberOne group.

CyberOne has not commented on the claims, and efforts to reach the IT company’s spokesperson bore no fruit. Facebook said that it was removing CyberOne’s accounts and pages to prevent it from using its infrastructure to abuse the social media platform by spreading malware and hacking users’ accounts.

CyberOne targets investors interested in investing in Vietnam

Since 2014, FireEye experts have observed the group target foreign corporations interested in Vietnam’s consumer products, manufacturing, and hospitality industries. The group also targeted peripheral network security, security firms, and tech infrastructure of big corporations having ties with foreign investors.

According to Dvilyanski and Gleicher, APT32 has been creating pages and accounts for fictitious users posing as business entities or activists on Facebook. Through romantic lures, the hacking group shares links with targets to different domains that it has hacked or operates. These links lead to malware or phishing, which allows the group to spy on its victims.