Skip to main content

Facebook outs company behind infamous APT32 malware group, suspends accounts

Ransomware
(Image credit: Shutterstock)

Facebook has unexpectedly revealed the identity of the notorious APT32 hacking group that has been blamed for a number of malware campaigns stretching back almost a decade. Little was previously known about the group, apart from a widely-held suspicion that it was backed by the Vietnamese Government.

“APT32, an advanced persistent threat actor based in Vietnam, targeted Vietnamese human rights activists locally and abroad, various foreign governments including those in Laos and Cambodia, non-governmental organizations, news agencies and a number of businesses across information technology, hospitality, agriculture and commodities, hospitals, retail, the auto industry, and mobile services with malware,” explained the firm.

“Our investigation linked this activity to CyberOne Group, an IT company in Vietnam (also known as CyberOne Security, CyberOne Technologies, Hành Tinh Company Limited, Planet and Diacauso).”

Facebook said that the APT32 group used its platform to spread malware through a variety of methods. Normally this would involve sharing links with its victims that either led to compromised websites or malicious applications containing spyware that had been uploaded to the Google Play Store.

Group outing

The social network also revealed some of the group’s most commonly targeted victims, which included Vietnamese human rights activists, foreign governments, news agencies, and a broad spectrum of businesses.

In response to its discovery, Facebook has taken down all accounts and pages that it has deemed to have a connection to the APT32 group and blocked domains to prevent the group from re-surfacing on the platform. Facebook has also shared its discovery with other social networks and security firms so that they can take action against the group.

Facebook’s efforts to crack down on the APT32 group may prove controversial, however. While the group has been connected to a number of disruptive cyberattacks, it has largely avoided reprisals due to its supposed state-backing. It will be interesting to see which other organizations decide to go after APT32 following Facebook’s actions.

Via ZDNet