FireEye analyzed cyber espionage activities of APT32, a threat group believed to be operating out of Vietnam. APT32 has targeted private companies with business interests in Vietnam as well as foreign governments and dissidents since at least 2014. APT32 uses phishing emails with malicious attachments or links to infect victims and install backdoors on their systems. These backdoors include unique malware families as well as commercially available tools and communicate with command and control servers controlled by APT32. FireEye investigated multiple intrusions attributed to APT32 and outlined their targeting and sophisticated tactics.