University of Maryland, College Park
Cybersecurity For Everyone
COURSE FINAL PROJECT
ON OCEANLOTUS
By Lino Lazarous Marino Ija
OceanLotus
OceanLotus, also tracked as APT32, is a cyber espionage group assessed to operate out of Vietnam and active since at least 2014. It has compromised organizations in manufacturing, network security, technology infrastructure, banking, media and consumer products. Its signature malware families include WINDSHIELD, KOMPROGO, SOUNDBITE and PHOREAL.
11/2/2023
Course Final Project By Lino Lazarous Marino Ija
The skill level and resources available to OceanLotus
OceanLotus targets peripheral network security and technology infrastructure corporations, as well as political activists and foreign officials, to obtain confidential information. The group is highly skilled and well resourced: it maintains its own suite of custom backdoors alongside commercially available tooling.
More recently OceanLotus has deployed a new backdoor through DLL side-loading: a malicious DLL is dropped beside a legitimate, signed Symantec executable, which loads it at start-up, so the implant runs inside a trusted process and inherits its reputation. For initial access the group also uses ActiveMime lure documents that rely on social engineering to entice the victim into enabling macros.
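The side-loading pattern described above can be hunted in image-load telemetry. The following is an added example, not code from the original deck or from any vendor report: it scores each module load where a signed executable loads a DLL from its own non-system directory and the DLL is unsigned or signed by a different publisher. The record schema (`process`, `process_signer`, `module`, `module_signer`), the paths, the vendor name and the list of system DLL names are all constructed for illustration.

```python
"""Hunt for DLL side-loading candidates in image-load records.

Added example. Records are constructed and use a hypothetical schema; in
production they would come from an EDR or Sysmon image-load event feed.
"""
import ntpath

# Loads from these directories are the normal case and are ignored here.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\", "c:\\windows\\winsxs\\")
# User-writable locations commonly used to stage a signed host exe plus a malicious DLL.
STAGING_HINTS = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")


def classify_load(rec, known_system_dlls):
    """Return (score, reasons) for one image-load record. Score 0 means benign."""
    exe, dll = rec["process"].lower(), rec["module"].lower()
    if not dll.endswith(".dll") or dll.startswith(SYSTEM_DIRS):
        return 0, []
    # Side-loading relies on the loader searching the host's own directory first.
    if ntpath.dirname(exe) != ntpath.dirname(dll):
        return 0, []
    # An unsigned host gains nothing from side-loading; skip to keep noise down.
    if not rec.get("process_signer"):
        return 0, []
    reasons = []
    module_signer = rec.get("module_signer")
    if module_signer is None:
        reasons.append("unsigned DLL loaded by signed host")
    elif module_signer != rec["process_signer"]:
        reasons.append("DLL signer differs from host signer")
    if not reasons:
        return 0, []
    dll_dir = ntpath.dirname(dll) + "\\"
    if any(hint in dll_dir for hint in STAGING_HINTS):
        reasons.append("loaded from user-writable staging directory")
    if ntpath.basename(dll) in known_system_dlls:
        reasons.append("DLL name shadows a system DLL")
    return len(reasons), reasons


def hunt(records, known_system_dlls):
    """Return alerts for every record with a non-zero score, highest score first."""
    alerts = []
    for rec in records:
        score, reasons = classify_load(rec, known_system_dlls)
        if score:
            alerts.append({"process": rec["process"], "module": rec["module"],
                           "score": score, "reasons": reasons})
    return sorted(alerts, key=lambda a: -a["score"])


# Analyst-supplied list of DLL names that normally live in System32 (assumption:
# a real deployment would generate this from a clean reference host).
KNOWN_SYSTEM_DLLS = {"version.dll", "dbghelp.dll", "wtsapi32.dll"}

# Constructed sample records; paths and publisher names are hypothetical.
RECORDS = [
    {"process": r"C:\Users\Public\Libraries\vendor_tool.exe", "process_signer": "Example Vendor Inc.",
     "module": r"C:\Users\Public\Libraries\version.dll", "module_signer": None},
    {"process": r"C:\Program Files\Example Vendor\vendor_tool.exe", "process_signer": "Example Vendor Inc.",
     "module": r"C:\Program Files\Example Vendor\vendorcore.dll", "module_signer": "Example Vendor Inc."},
    {"process": r"C:\Users\Public\Libraries\vendor_tool.exe", "process_signer": "Example Vendor Inc.",
     "module": r"C:\Windows\System32\version.dll", "module_signer": "Microsoft Windows"},
    {"process": r"C:\Temp\build\tool.exe", "process_signer": None,
     "module": r"C:\Temp\build\helper.dll", "module_signer": None},
]

if __name__ == "__main__":
    for alert in hunt(RECORDS, KNOWN_SYSTEM_DLLS):
        print(alert["score"], alert["process"], "->", alert["module"], alert["reasons"])
```

Only the first record fires: a signed vendor binary in a user-writable directory loading an unsigned DLL whose name shadows a System32 DLL. The signer comparison is the key check; a signed host loading an unsigned neighbour is exactly the shape of the Symantec side-load described above.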
The motivations of OceanLotus
OceanLotus activity is assessed to align with Vietnamese state interests and follows two main themes:
• Economic espionage against foreign and private-sector companies with business interests in Vietnam, in support of the country's economic position.
• Political surveillance of dissidents, journalists and foreign governments.
To act on these motivations the group uses consistent tradecraft: spear-phishing, social engineering and persistent custom malware. Its operations can be mapped onto the Lockheed Martin Cyber Kill Chain, which the following slides use to structure the analysis.
The specific geo-political context OceanLotus are operating in
OceanLotus carries out intrusions into private sector companies across multiple industries, and has also targeted foreign governments, dissidents and journalists, particularly those with a stake in Vietnamese affairs.
Its lure documents are multilingual and tailored to specific victims. These files were likely created by exporting Word documents into single-file web pages (MHTML), which carry the macro project in an embedded ActiveMime part that Word unpacks when the document is opened.
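The ActiveMime lures mentioned on this slide and on the skills slide can be triaged without opening them. The following is an added example, not code from the original deck or from FireEye: it parses a file as a MIME message, looks for a part whose decoded body starts with the `ActiveMime` magic, and flags an MHTML body hiding under a Word extension. The two sample files are constructed inline; the lure's HTML text and the `file:///` locations are invented, and treating `.doc` and `.dot` as mismatched extensions for MHTML content is an assumption of this example.

```python
"""Triage Office lures saved as single-file web pages (MHTML) that carry an
embedded ActiveMime macro container. Added example; samples are constructed."""
import base64
import email

# Word stores the VBA project of an MHTML export as a base64 part (usually
# editdata.mso) whose decoded bytes begin with this magic.
ACTIVEMIME_MAGIC = b"ActiveMime"
# Extensions under which an MHTML body is treated as a mismatch (assumption).
WORD_EXTENSIONS = {"doc", "dot"}


def is_mhtml(data: bytes) -> bool:
    """Cheap pre-check: single-file web pages are multipart/related MIME messages."""
    head = data[:4096].lower()
    return b"mime-version:" in head and b"multipart/related" in head


def activemime_parts(data: bytes) -> list:
    """Return (Content-Location, content type) of every part carrying ActiveMime."""
    hits = []
    if not is_mhtml(data):
        return hits
    msg = email.message_from_bytes(data)
    for part in msg.walk():
        if part.is_multipart():
            continue
        body = part.get_payload(decode=True) or b""   # decodes base64 / QP for us
        if body.startswith(ACTIVEMIME_MAGIC):
            hits.append((part.get("Content-Location", ""), part.get_content_type()))
    return hits


def triage(filename: str, data: bytes) -> dict:
    """Summarize one attachment for an analyst queue."""
    parts = activemime_parts(data)
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    mhtml = is_mhtml(data)
    return {
        "file": filename,
        "mhtml": mhtml,
        "activemime_parts": parts,
        "extension_mismatch": mhtml and ext in WORD_EXTENSIONS,
        "suspicious": bool(parts),
    }


def _build_mhtml(parts) -> bytes:
    """Construct a minimal Word-style MHTML file from (location, type, body) tuples."""
    boundary = "----=_NextPart_000_TEST"
    lines = ["MIME-Version: 1.0",
             f'Content-Type: multipart/related; boundary="{boundary}"', ""]
    for location, ctype, body in parts:
        lines += [f"--{boundary}", f"Content-Location: {location}",
                  "Content-Transfer-Encoding: base64", f"Content-Type: {ctype}", "",
                  base64.b64encode(body).decode(), ""]
    lines.append(f"--{boundary}--")
    return "\r\n".join(lines).encode()


# Constructed samples: a lure with a macro container, and a benign export with an image.
LURE = _build_mhtml([
    ("file:///C:/lure/invite.htm", "text/html", b"<html>Enable content to view this document</html>"),
    ("file:///C:/lure/invite_files/editdata.mso", "application/x-mso",
     ACTIVEMIME_MAGIC + b"\x00\x00\x01\xf0" + b"\x00" * 32),
])
BENIGN = _build_mhtml([
    ("file:///C:/report/report.htm", "text/html", b"<html>Quarterly report</html>"),
    ("file:///C:/report/report_files/image001.png", "image/png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16),
])

if __name__ == "__main__":
    print(triage("invite.doc", LURE))
    print(triage("report.mht", BENIGN))
```

The check is format-based rather than signature-based, so it catches a fresh lure as long as it still carries a macro project; it does not catch a macro-less lure that only links out, which is why the extension mismatch is reported separately.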
The hacking process for OceanLotus
The cyber kill chain is a series of steps that trace the stages of a cyberattack, from early reconnaissance to the exfiltration of data. It helps defenders understand and counter intrusions, ransomware and advanced persistent threats by showing where in the sequence an attack can be detected or broken.
Lockheed Martin derived the kill chain framework from a military model originally established to identify, prepare to attack, engage and destroy a target. The original cyber version has seven stages (reconnaissance, weaponization, delivery, exploitation, installation, command and control, actions on objectives); the following slides use an expanded eight-stage variant.
The hacking process for OceanLotus Continuation…
o Reconnaissance
OceanLotus works from the outside in, identifying targets and the tactics to use against them; the tailored, multilingual lure documents show how much the group learns about a victim before the first email is sent.
o Intrusion
Based on what was discovered during reconnaissance, the group gets into the target systems, often leveraging malware or security vulnerabilities; for OceanLotus this is usually a spear-phishing attachment.
The hacking process for OceanLotus Continuation…
o Exploitation
Vulnerabilities, or the user's own actions such as enabling macros, are exploited to deliver malicious code onto the system and obtain a firmer foothold.
o Privilege Escalation
OceanLotus often needs more privileges on a system to reach more data and permissions; for this it escalates its privileges, frequently to an administrator account.
The hacking process for OceanLotus Continuation…
o Lateral Movement
Once inside, the group moves laterally to other systems and accounts to gain more leverage: higher permissions, more data or access to more systems.
o Obfuscation / Anti-forensics
To keep an intrusion running undetected the group covers its tracks, for example by laying false trails, tampering with data and clearing logs to confuse investigators.
The hacking process for OceanLotus Continuation…
o Denial of Service
In the generic model this stage disrupts normal access for users and systems so the attack cannot be monitored, tracked or blocked. It is not a tactic the sources cited here attribute to OceanLotus, whose espionage operations depend on staying quiet.
o Exfiltration
This is where OceanLotus gets the collected data out of the compromised system.
The range of efforts used by OceanLotus
OceanLotus has run many campaigns since 2014; the following are some of them:
• June 2017: Palo Alto Networks reported a new macOS variant of the OceanLotus backdoor distributed in a ZIP file, likely sent as an email attachment. The majority of victims were located in Vietnam. Apple had already issued an update to protect macOS systems against this threat.
The range of efforts used by OceanLotus Continuation…
• In 2020, Bloomberg reported that OceanLotus had targeted China's Ministry of Emergency Management and the Wuhan municipal government to obtain information about the COVID-19 pandemic.
• In 2020, Kaspersky researchers disclosed that OceanLotus had been using the Google Play Store to distribute malware.
The range of efforts used by OceanLotus Continuation…
• In February 2021, Amnesty International reported that OceanLotus had launched a number of spyware attacks against Vietnamese human rights activists, including the blogger Bui Thanh Hieu.
• In 2020, Volexity identified a number of new attacks by OceanLotus targeting Vietnamese-language news websites and Facebook pages.
Case studies of attacks OceanLotus were involved in
Over the years OceanLotus has carried out intrusions into private sector companies across multiple industries and has also targeted foreign governments, dissidents and journalists. Four cases stand out:
• COVID-19 intelligence (2020): Bloomberg reported that OceanLotus targeted China's Ministry of Emergency Management and the Wuhan municipal government to obtain information about the pandemic. The Vietnamese Ministry of Foreign Affairs called the accusations unfounded.
Case studies of attacks OceanLotus were involved in Continuation…
• Mobile malware (2020): Kaspersky researchers disclosed that OceanLotus had been distributing malware through the Google Play Store.
• Fake news sites and social media (November 2020): Volexity researchers disclosed that OceanLotus had set up fake news websites and Facebook pages aimed at Vietnamese-language audiences, both to profile visitors and to distribute malware.
• Activist spyware (February 2021): Amnesty International reported a number of spyware attacks against Vietnamese human rights activists, including Bui Thanh Hieu.
Case studies of attacks OceanLotus were involved in Continuation…
• In each case the primary effect is on the victims' IT systems: as designated by FireEye, OceanLotus intrusions reach private sector companies across multiple industries as well as foreign governments, dissidents and journalists.
Primary, secondary and second order effects where OceanLotus were involved in
The primary effect is on the compromised IT systems themselves: backdoors installed and data taken from companies, government bodies and individuals.
The secondary effect falls on people. OceanLotus gains access to the details of Vietnamese human rights activists, including the staff who work with them, exposing them to further surveillance and pressure.
The second order effect reaches beyond the immediate victims. Volexity identified multiple Vietnamese-language news websites that appeared to be compromised and were being used to load an OceanLotus web profiling framework. The exact functionality varied from site to site, but the goal of these frameworks was to gather information about site visitors and, in some cases, deliver malware, so every reader of those sites became a potential target.
Characteristics of OceanLotus as private and public concern for policy makers and response for policy makers
Cyber espionage actors, designated by FireEye as APT32 (OceanLotus Group), are carrying out intrusions into private sector companies across multiple industries and have also targeted foreign governments, dissidents and journalists.
The group is therefore both a private and a public concern. OceanLotus leverages a unique suite of fully-featured malware, in conjunction with commercially available tools, to conduct targeted operations that are aligned with Vietnamese state interests.
Characteristics of OceanLotus as private and public concern for policy makers and response for policy makers Continuation…
OceanLotus pursues two objectives:
• Economic espionage against companies with business interests in Vietnam.
• Political surveillance of dissidents, journalists and foreign governments.
Policy makers should create clear laws and, just as importantly, enforce the laws that already exist; in many cases the laws are there but they are not followed.
References
• Volexity, OceanLotus: Extending Cyber Espionage Operations Through Fake Websites (November 2020): https://www.volexity.com/blog/2020/11/06/oceanlotus-
• Malpedia, APT32: https://malpedia.caad.fkie.fraunhofer.de/actor/apt32
• Netenrich, OceanLotus: Do you know this threat actor?: https://know.netenrich.com/blog/oceanlotus-do-you-know-this-threat-actor/
• Mandiant (FireEye), Cyber Espionage is Alive and Well: APT32 and the Threat to Global Corporations: https://www.mandiant.com/resources/blog/cyber-espionage-apt32
• MITRE ATT&CK, APT32 (G0050): https://attack.mitre.org/groups/G0050/