Threat Actor Profile - APT32

Threat Actor: APT32; AKA "APT-C-00", "Ocean Lotus"
Date of Activity: ~2014-Present
Overview: Ocean Lotus, also known as APT32 or APT-C-00, is a cyber espionage group believed to be based in Vietnam. The group has been active since at least 2014 and has been involved in several high-profile attacks targeting various sectors, including government organizations, media, and corporations.
The group has been attributed to a number of attacks, including the 2016 cyber attack on the Philippine election commission, the 2017 cyber attack on a Vietnamese airline, and the 2018 cyber attack on a Cambodian election commission. In addition, the group has been involved in several attacks targeting Southeast Asian countries and organizations with political interests in the region.
One of the most notable characteristics of Ocean Lotus is their use of spear-phishing emails as a primary attack vector. The group often sends emails with malicious attachments or links to websites hosting malware in an attempt to lure victims into clicking on them. Once the victim has clicked on the attachment or link, the malware is downloaded onto their computer, allowing the group to gain access to their system and steal sensitive data.
Another technique employed by Ocean Lotus is the use of custom malware specifically designed for each attack. The group has been known to create unique malware for each target, making it difficult for security researchers to detect and analyze their attacks. In addition, the group has been known to use steganography techniques to hide their malware within images, making it even more difficult to detect.
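The paragraph above notes that malware hidden inside image files is hard to spot. A cheap defender-side check that catches one common variant of this (a payload appended after the image's own end marker, where viewers ignore it) is to parse the container and measure what, if anything, follows it. The script below is an added example written for this profile, not code from the original page or from any APT32 report; the PNG and JPEG samples it scans are constructed inline (the JPEG is a marker skeleton, not a decodable picture), and the "MZ" payload is a placeholder, not a real implant.

```python
"""Flag image files that carry data beyond their own end-of-image marker.

PNG: walk chunks until IEND; JPEG: walk marker segments until EOI (0xFFD9),
skipping entropy-coded scan data correctly (0xFF00 stuffing, RSTn markers).
Anything after that point is not part of the image and deserves a look.
"""
import math
import struct
import zlib
from collections import Counter

PNG_SIG = b"\x89PNG\r\n\x1a\n"
JPEG_SOI = b"\xff\xd8"
# Constructed sample headers that often mark an executable hidden in the tail.
KNOWN_HEADERS = {b"MZ": "PE", b"\x7fELF": "ELF", b"PK\x03\x04": "ZIP"}


def png_end_offset(data):
    """Return the offset just past the IEND chunk's CRC, or None if malformed."""
    if not data.startswith(PNG_SIG):
        return None
    pos = len(PNG_SIG)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 8 + length + 4          # header + body + CRC
        if end > len(data):
            return None
        if ctype == b"IEND":
            return end
        pos = end
    return None


def jpeg_end_offset(data):
    """Return the offset just past the EOI marker, or None if malformed."""
    if not data.startswith(JPEG_SOI):
        return None
    pos, n = 2, len(data)
    while pos + 2 <= n:
        if data[pos] != 0xFF:
            return None
        marker = data[pos + 1]
        if marker == 0xD9:                           # EOI: image ends here
            return pos + 2
        if marker == 0xFF:                           # fill byte
            pos += 1
            continue
        if marker == 0x01 or 0xD0 <= marker <= 0xD7: # standalone markers
            pos += 2
            continue
        if pos + 4 > n:
            return None
        seg_len = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        pos += 2 + seg_len
        if marker == 0xDA:                           # SOS: skip scan data to the next real marker
            while pos + 1 < n:
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
                    break
                pos += 1
    return None


def shannon_entropy(buf):
    """Bits per byte; packed or encrypted payloads sit near 8.0."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def scan_image(data):
    """Classify one file: where the image ends and what trails it."""
    if data.startswith(PNG_SIG):
        fmt, end = "png", png_end_offset(data)
    elif data.startswith(JPEG_SOI):
        fmt, end = "jpeg", jpeg_end_offset(data)
    else:
        return {"format": None, "verdict": "not png/jpeg"}
    if end is None:
        return {"format": fmt, "verdict": "malformed"}
    tail = data[end:]
    header = next((name for magic, name in KNOWN_HEADERS.items() if tail.startswith(magic)), None)
    return {"format": fmt, "image_end": end, "trailing_len": len(tail),
            "trailing_entropy": round(shannon_entropy(tail), 2),
            "embedded_header": header,
            "verdict": "suspicious: trailing data" if tail else "clean"}


# ---- constructed samples (not real files from any incident) ----
def _png_chunk(ctype, body):
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body) & 0xFFFFFFFF)

CLEAN_PNG = (PNG_SIG
             + _png_chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0))
             + _png_chunk(b"IDAT", zlib.compress(b"\x00\xff\x00\x00"))
             + _png_chunk(b"IEND", b""))
PAYLOAD = b"MZ" + bytes(range(256)) * 2          # placeholder, not a real implant
STEGO_PNG = CLEAN_PNG + PAYLOAD
CLEAN_JPEG = (JPEG_SOI
              + b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
              + b"\xff\xda" + struct.pack(">H", 8) + b"\x01\x01\x00\x00\x3f\x00"
              + b"\x12\x34\xff\x00\x56\xff\xd0\x78"   # scan data with stuffing and an RST marker
              + b"\xff\xd9")
STEGO_JPEG = CLEAN_JPEG + PAYLOAD

if __name__ == "__main__":
    for name, blob in [("clean.png", CLEAN_PNG), ("stego.png", STEGO_PNG),
                       ("clean.jpg", CLEAN_JPEG), ("stego.jpg", STEGO_JPEG)]:
        print(name, scan_image(blob))
```

Run it over a directory of attachments pulled from mail quarantine and sort by `trailing_len` and `trailing_entropy`; a non-zero tail with an executable header is a clear hit, and a high-entropy tail with no recognisable header is worth a closer look. This only covers the appended-data variant; true LSB steganography changes pixel values and needs a statistical test instead.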
Ocean Lotus is also believed to have links to the Vietnamese government, although the extent of their relationship is unclear. Some experts believe that the group operates on behalf of the Vietnamese government, while others believe that the group operates independently but has close ties to the government.
TTPs:
Nation-state toolset, including custom implants and RATs
Intelligence collection against corporations and governments
Sophisticated social engineering, chiefly spear-phishing
Steganography and malware tailored to each target