Vietnam-backed hackers used Philippine president’s website for attacks: report

A group of hackers alleged to be backed by Vietnam’s government compromised more than 100 websites to use in attacks, according to a Monday report from the cybersecurity firm Volexity.

The compromised websites included ones belonging to Chinese oil and navigation concerns, as well as the official website of Philippine president Rodrigo Duterte, according to the report.

{mosads}The group known as OceanLotus, also known as “Advanced Persistent Threat 32,” inserted code into the websites to allow it to profile potentially valuable visitors to steal their site and email credentials. 

Many of the sites leveraged in the attack belong to government agencies.

“A lot of the sites could step on government’s toes,” said Steven Adair, Volexity’s founder.

Volexity tied the attacks to APT 32 through the presence of malware known as Windshield exclusively used by the group, said Adair. He also noted that the victim pool appears to primarily be of interest to Vietnam, the nation long believed to be sponsoring APT 32.

The compromised sites included government ministries in Laos and Cambodia, the Chinese GPS-equivalent BDStar and several sites associated with the Association of Southeast Asian Nations. Around 80 of the 100 sites belonged to human rights and opposition figures and groups within Vietnam. 

Volexity assessed that these attacks make OceanLotus “one of the more sophisticated [advanced persistent threat] actors currently in operation,” according to the report.