Vietnamese hacking group has a ‘Swiss Army knife’ of tools at its disposal

Vietnamese hacking group has a ‘Swiss Army knife’ of tools at its disposal: A set of remote access tools used by Vietnam’s top hacking group remained largely undetected for years despite their reliance on sloppy code and other hacking techniques that fall short of the group’s normally high standard, according to research published Monday by BlackBerry Cylance. The OceanLotus group, also known as APT32, has gained notoriety in recent years for using carefully crafted tools to breach companies with business interests in Vietnam, particularly in the manufacturing and hospitality sectors. But use of the newfound remote access trojans (RATs), known as Ratsnif, is out of character for OceanLotus, a technically advanced group that projects power in cyberspace in support of Vietnamese interests. BlackBerry Cylance’s new analysis shows how state-aligned groups can select from a range of malware that varies in sophistication, only using what is necessary against a target organization. There is “sloppy code [and] programmatical errors and debug messages not typically present in OceanLotus malware,” said Tom Bonner, BlackBerry Cylance’s director of threat research …

explicita