Skip to main content

Facebook outs company behind infamous APT32 malware group, suspends accounts

Ransomware
(Image credit: Shutterstock)
Audio player loading…

Facebook has unexpectedly revealed the identity of the notorious APT32 hacking group that has been blamed for a number of malware (opens in new tab) campaigns stretching back almost a decade. Little was previously known about the group, apart from a widely-held suspicion that it was backed by the Vietnamese Government.

“APT32, an advanced persistent threat actor based in Vietnam, targeted Vietnamese human rights activists locally and abroad, various foreign governments including those in Laos and Cambodia, non-governmental organizations, news agencies and a number of businesses across information technology, hospitality, agriculture and commodities, hospitals, retail, the auto industry, and mobile services with malware,” explained (opens in new tab) the firm.

“Our investigation linked this activity to CyberOne Group, an IT company in Vietnam (also known as CyberOne Security, CyberOne Technologies, Hành Tinh Company Limited, Planet and Diacauso).”

Facebook said that the APT32 group used its platform to spread malware through a variety of methods. Normally this would involve sharing links with its victims that either led to compromised websites or malicious applications containing spyware that had been uploaded to the Google Play Store.

Group outing

The social network also revealed some of the group’s most commonly targeted victims, which included Vietnamese human rights activists, foreign governments, news agencies, and a broad spectrum of businesses.

In response to its discovery, Facebook has taken down all accounts and pages that it has deemed to have a connection to the APT32 group and blocked domains to prevent the group from re-surfacing on the platform. Facebook has also shared its discovery with other social networks and security firms so that they can take action against the group.

Facebook’s efforts to crack down on the APT32 group may prove controversial, however. While the group has been connected to a number of disruptive cyberattacks, it has largely avoided reprisals due to its supposed state-backing. It will be interesting to see which other organizations decide to go after APT32 following Facebook’s actions.

Via ZDNet (opens in new tab)

Barclay has been writing about technology for a decade, starting out as a freelancer with ITProPortal covering everything from London’s start-up scene to comparisons of the best cloud storage services.  After that, he spent some time as the managing editor of an online outlet focusing on cloud computing, furthering his interest in virtualization, Big Data, and the Internet of Things.