OCEAN LOTUS CYBER-THREAT ACTORS
Completed by John Sitima
In partial fulfilment of Cybersecurity for Everyone
(C) 2024
johnsitima@gmail.com
Cybersecurity
Cybersecurity refers to the practice of protecting internet-connected
systems, including hardware, software, and data, from attack, damage,
or unauthorized access.
Threat actors
These are individuals or groups who purposefully harm digital devices
or systems.
Ocean Lotus
Also known as APT32, BISMUTH, Canvas Cyclone or APT-C-00.
OceanLotus, also recognized as APT32, is a
threat actor that emerged from Vietnam in 2014.
This group has focused on various sectors such
as manufacturing, network security, technology
infrastructure, banking, media, and consumer
products.
Their level of skill
Ocean Lotus has demonstrated a high level of
technical sophistication and operational
competency. The group has shown the ability to
conduct long-term intrusion campaigns, maintain
persistent access to targeted networks, and
evade detection by employing advanced
obfuscation and anti-forensic techniques.
They are also known by the following Aliases
Capability and tactics used by Ocean Lotus cyber threat actors
The APT32 group has been known to employ a wide
range of attack vectors and tools to compromise its
targets. These include spear-phishing emails,
watering hole attacks, social engineering techniques,
and the use of custom malware. The group has been
observed using various malware families, such as
Cobalt Strike, PlugX, and PowerShell-based
backdoors, to establish persistence on
compromised systems and exfiltrate sensitive data.
Targets of the Ocean Lotus
The group's activities have primarily targeted
government organizations, foreign corporations,
dissidents, journalists, and other entities of interest
to the Vietnamese government.
The group has been linked to cyber attacks
targeting dissidents and human rights activists,
indicating a broader agenda that includes monitoring
and suppressing internal dissent (Amnesty 2021).
The motivations of the OCEANLOTUS threat actor
are believed to be primarily related to espionage and
intelligence gathering. They have been known to
target government agencies, defense contractors,
and technology companies to steal sensitive
information that could be used for strategic or
financial gain.
The targets of the Ocean Lotus group are generally
foreign companies with sure success and interests
in Vietnam’s hospitality, manufacturing, and
consumer goods sectors. As well as the private
sector, the Ocean Lotus group targets politicians
and journalists opposed to the Vietnamese
government. (Brandefense 2022)
Motivations of the Ocean Lotus
The group has been known to employ a wide range
of attack vectors and tools to compromise its
targets. These include spear-phishing emails,
watering hole attacks, social engineering
techniques, and the use of custom malware.
The group has been observed using various
malware families, such as Cobalt Strike, PlugX, and
PowerShell-based backdoors, to establish
persistence on compromised systems and
exfiltrate sensitive data for ransom and corporate
espionage.
Ocean Lotus Geo-Political context
The cyberespionage group Ocean Lotus, active
since 2014, targets organizations in various
industries in Vietnam and other Southeast Asian
countries.
Insights on the Ocean Lotus modus
operandi
THE HACKING PROCESS
The Lockheed Martin Cyber Kill Chain (CKC)
This is a security defence model developed by Lockheed Martin to
identify and stop sophisticated cyberattacks before they impact an
organization. The concept includes the following steps:
i. Reconnaissance
ii. Weaponization
iii. Delivery
iv. Exploitation
v. Installation
vi. Command and Control
vii. Action on target.
(Source: lockheedmartin.com 2012)
Based on the above, the researcher has created an acronym to ease
assimilation and conceptualization of the 7 steps of the CKC, which
is (Real, Warriors, D, I, E, Commanding, Action on target).
The Ocean Lotus Group has utilised these steps in exploiting their
Tactics used by Ocean Lotus actors on their targets
The Ocean Lotus cyber actors group employs a diverse range of
tactics, techniques, and procedures (TTPs) to target and
compromise their victims. According to Kaspersky (Source:
Kaspersky.com 2019), some of the key tactics used by the group include:
1. Spear-Phishing Attacks:
Ocean Lotus is known for conducting highly targeted spear-phishing
campaigns, often using socially engineered lures related to the victim's
interests or industry.
The group leverages malicious attachments or links in the phishing
emails to deliver their custom malware payloads.
2. Watering Hole Attacks:
The group has been observed setting up malicious websites or
compromising legitimate websites frequented by their targets.
These watering hole attacks aim to infect visitors with malware when
they access the compromised web resources.
3. Social Engineering:
Ocean Lotus actors rely heavily on social engineering techniques to
gather information about their targets and gain their trust.
4. Malware Deployment:
The group has been linked to the use of various custom-made malware
families, including Cobalt Strike, PlugX, and PowerShell-based
backdoors. These malware families are designed to establish persistent access,
exfiltrate data, and conduct further reconnaissance on the
compromised systems.
5. Exploitation of Vulnerabilities:
Ocean Lotus actors actively seek out and exploit vulnerabilities in
popular software, operating systems, and web applications to gain
initial access to their targets. They often leverage zero-day
vulnerabilities to bypass security measures and maintain a stealthy
presence on the compromised systems.
6. Lateral Movement and Privilege Escalation:
Once inside the target network, the group employs techniques to move
laterally and escalate privileges, allowing them to access sensitive data
and resources.
This includes the use of credential harvesting, privilege escalation
exploits, and tools like Mimikatz.
7. Data Exfiltration:
The ultimate goal of Ocean Lotus's operations is to gather intelligence
and exfiltrate sensitive data from their targets.
The group has been observed using various techniques, such as
encrypted data transfers, to siphon off valuable information without
raising suspicion.
8. Operational Security and Obfuscation:
To evade detection and maintain persistent access, Ocean Lotus
actors employ advanced obfuscation techniques, such as code
encryption, anti-analysis measures, and the use of legitimate network
protocols for command-and-control communications.
Case studies of cyber attacks by Ocean Lotus Group and their effects
over the years
Case 1: In 2017, Ocean Lotus carried out a campaign against Vietnam's
National Assembly. The group sent spear phishing emails containing a link to a
fake website that mimicked the National Assembly's intranet login page.
Victims who attempted to log in had their credentials stolen by Ocean
Lotus.
The Effects:
Primary effects:-
A website was defaced. The threat actors obtained the credentials of
members of Vietnam's National Assembly via the intranet. This
made the intranet inoperable for some time.
Secondary effects:-
The attack disrupted the functioning of the intranet, resulting in
secondary effects of ineffective functioning of Vietnam's National
Assembly in its Government duties.
Second order effects:-
Compromised data integrity and the exposure of confidential parliamentary
details, including its structures and leadership, resulted in the
general public fearing for the privacy of their own data.
Case 2: Operation Cobalt Kitty 20... (Source: Cybereason.com 2019)
In Operation Cobalt Kitty, the Ocean Lotus group targeted global
corporations based in Asia with the goal of stealing proprietary business
information. The threat actor targeted the company's top-level
management by using spear-phishing attacks as the initial penetration
vector.
The Effects:
Primary effects:-
The attack directly compromised more than 40 PCs and servers,
including the domain controller, file servers, Web application server and
database server, making them inoperable for a time.
Secondary effects:-
The attack disrupted the functioning of the companies, resulting in
secondary effects of loss of revenue and income.
Second order effects:-
Data integrity and exposure of confidential corporate private and
secret data were some of the most serious second order effects of the
attack.
Case 3: 2014 Action on US-based NGO Electronic Frontier
Foundation (EFF), the Associated Press international news organization
and two Vietnamese activists. (Source: Amnesty.org 2021)
In Operation Cobalt Kitty, the Ocean Lotus group targeted global corporations
based in Asia with the goal of stealing proprietary business information.
The threat actor targeted the company's top-level management by
using spear-phishing attacks as the initial penetration vector.
The Effects:
Primary effects:-
The attack directly compromised more than 40 PCs and servers,
including the domain controller, file servers, Web application server and
database server, making them inoperable for a time.
Secondary effects:-
The attack disrupted the functioning of the companies, resulting in
secondary effects of loss of revenue and income.
Second order effects:-
Data integrity and exposure of confidential corporate private and
secret data were some of the most serious second order effects of the
attack.
Case 4: 2020. A report by Bloomberg highlighted that as far back as 06
January 2020, in the midst of the coronavirus pandemic, cyber attacks by
Ocean Lotus were going on, targeting the Chinese Government, and
continued through April, a senior manager for cyber-espionage at FireEye
Inc and officials in the Chinese Government threat intelligence unit were
quoted as saying. (Source: Bloomberg.com 2020)
OceanLotus used spear-phishing and malware, in keeping with its modus
operandi, to target China's Ministry of Emergency Management and the Wuhan
municipal government in order to obtain information about the COVID-19
pandemic. The Vietnamese Ministry of Foreign Affairs denied the
accusations.
The Effects:
Primary effects:-
The attack directly compromised workstations and file servers, Web
application server and database server used in collecting and collating
Covid-19 data, making them inoperable for a time.
Secondary effects:-
The attack disrupted the real-time transmission of Covid-19 stats and data
to numerous stakeholders who needed it for decision making.
Second order effects:-
Data integrity and exposure of confidential private patients' data, delays in
medical supplies and PPEs to frontline workers were some of the most
Characteristics of Oceanlotus cyber
threat actors
1. Advanced and Persistent:
Ocean Lotus is an advanced persistent threat (APT) group, demonstrating a
high level of technical sophistication and the ability to conduct long-term,
targeted intrusion campaigns.
The group has maintained a persistent presence in the networks of their
targets, often establishing a stealthy foothold to conduct ongoing
espionage activities.
2. Politically Motivated:
The primary objective of Ocean Lotus appears to be cyber espionage, with a
focus on gathering intelligence for political, economic, and strategic
purposes.
The group's targets have primarily included government organizations,
foreign corporations, dissidents, and other entities of interest to the
Vietnamese government, suggesting a state-sponsored or state-aligned
nature.
3. Adaptable and Innovative:
Ocean Lotus has shown a remarkable ability to adapt and evolve its tactics,
techniques, and procedures (TTPs) over time.
The group has demonstrated a willingness to leverage the latest
technologies, exploit zero-day vulnerabilities, and develop custom malware
to maintain an edge over its targets and evade detection.
4. Operationally Sophisticated:
The Ocean Lotus actors have exhibited a high level of operational security,
employing advanced obfuscation techniques, utilizing legitimate network
protocols for command-and-control, and maintaining a low profile to avoid
detection.
Their ability to conduct successful spear-phishing campaigns, watering hole
attacks, and lateral movement within compromised networks underscores
their operational sophistication.
5. Geographically Focused:
The group's activities have primarily targeted organizations and individuals
in Southeast Asian countries, particularly Vietnam, Laos, Cambodia, and the
Philippines.
This regional focus suggests a strong alignment with the interests and
objectives of the Vietnamese government or state-affiliated entities.
(Source: Bloomberg.com 2021)
6. Potentially State-Sponsored:
While definitive attribution is challenging in the cyber domain, various
cybersecurity firms and government agencies have attributed the Ocean
Lotus activities to threat actors originating from Vietnam.
The group's consistent focus on intelligence gathering and the alignment of
its targets with Vietnamese interests suggest potential state sponsorship
or support. (Source: Bloomberg.com 2021)
Ocean Lotus cyber threat actors: a private
problem for business or a public concern
for policy makers?
Private Sector Concerns:
• Businesses, particularly those operating in Southeast Asia or with
interests in the region, are prime targets for Ocean Lotus's cyber
espionage activities.
• The group's focus on gathering intelligence and stealing sensitive
data poses significant risks to private companies, as it can lead to the
loss of trade secrets, intellectual property, and other valuable
information.
• Compromised businesses may suffer financial losses, reputational
damage, and disruptions to their operations, making Ocean Lotus a
critical private sector problem.
• Private companies need to prioritize robust cybersecurity measures,
incident response plans, and collaboration with security vendors and
law enforcement to mitigate the risks posed by Ocean Lotus.
Public Policy Concerns:
• Ocean Lotus's suspected state-sponsored or state-aligned nature
makes it a matter of national security and public policy concern.
• The group's targeting of government agencies, critical infrastructure,
and other entities of strategic importance raises concerns about
national sovereignty, geopolitical tensions, and the potential for
cascading impacts on the public sector.
Possible responses by policy makers to
Ocean Lotus cyber threat actors
• Policymakers need to address the threat of Ocean Lotus through the
development of comprehensive national cybersecurity strategies,
international cooperation, and the strengthening of defensive
capabilities.
• Policies related to information sharing, threat intelligence exchange,
and coordinated response mechanisms between the public and
private sectors are crucial in mitigating the risks posed by Ocean
Lotus.
• Diplomatic efforts and sanctions may also be considered as part of a
broader strategy to deter and disrupt the activities of state-
sponsored cyber threat actors like Ocean Lotus.
Conclusion
Overall, the Ocean Lotus cyber threat actors represent a sophisticated,
persistent, and politically motivated group that poses a significant risk
to organizations and individuals in the Southeast Asian region. Their
continuous evolution and adaptability underscore the need for robust
cybersecurity measures and international cooperation to identify and
mitigate the threats posed by such advanced persistent threat groups.
REFERENCES
1. https://cdn.amnesty.at/media/11606/amnesty-report_caught-in-the-net_the-global-threat-from-eu-regulated-spyware_oktober-2023.pdf (accessed on 07/03/2024)
2. https://css.ethz.ch/content/dam/ethz/special-interest/gess/cis/center-for-securities-studies/pdfs/Cyber-Reports-2018-05.pdf
3. https://www.cybereason.com/blog/operation-cobalt-kitty-apt (accessed on 01/06/2024)
4. https://www.cfr.org/cyber-operations/export-incidents (accessed on 05/04/2024)
5. https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf (accessed on 11/04/2024)
6. https://ics-cert.kaspersky.com/publications/reports/2020/04/24/threat-landscape-for-industrial-automation-systems-apt-attacks-on-industrial-companies-in-2019/ (accessed on 11/04/2024)
7. https://www.bloomberg.com/news/articles/2020-04-23/vietnamese-hackers-targeted-china-officials-at-heart-of-outbreak (accessed on 03/06/2024)
8. https://brandefense.io/blog/apt-groups/ocean-lotus-apt-group/#:~ (accessed on 13/04/2024)
9. https://www.lockheedmartin.com/content/dam/lockheed-martin/rms/documents/cyber/Gaining_the_Advantage_Cyber_Kill_Chain.pdf

 
Acumatica vs. Sage Intacct _Construction_July (1).pptx
Acumatica vs. Sage Intacct _Construction_July (1).pptxAcumatica vs. Sage Intacct _Construction_July (1).pptx
Acumatica vs. Sage Intacct _Construction_July (1).pptx
 
NVIDIA at Breakthrough Discuss for Space Exploration
NVIDIA at Breakthrough Discuss for Space ExplorationNVIDIA at Breakthrough Discuss for Space Exploration
NVIDIA at Breakthrough Discuss for Space Exploration
 
Connector Corner: Leveraging Snowflake Integration for Smarter Decision Making
Connector Corner: Leveraging Snowflake Integration for Smarter Decision MakingConnector Corner: Leveraging Snowflake Integration for Smarter Decision Making
Connector Corner: Leveraging Snowflake Integration for Smarter Decision Making
 
LeadMagnet IQ Review: Unlock the Secret to Effortless Traffic and Leads.pdf
LeadMagnet IQ Review:  Unlock the Secret to Effortless Traffic and Leads.pdfLeadMagnet IQ Review:  Unlock the Secret to Effortless Traffic and Leads.pdf
LeadMagnet IQ Review: Unlock the Secret to Effortless Traffic and Leads.pdf
 
The History of Embeddings & Multimodal Embeddings
The History of Embeddings & Multimodal EmbeddingsThe History of Embeddings & Multimodal Embeddings
The History of Embeddings & Multimodal Embeddings
 
Sonkoloniya documentation - ONEprojukti.pdf
Sonkoloniya documentation - ONEprojukti.pdfSonkoloniya documentation - ONEprojukti.pdf
Sonkoloniya documentation - ONEprojukti.pdf
 
Garbage In, Garbage Out: Why poor data curation is killing your AI models (an...
Garbage In, Garbage Out: Why poor data curation is killing your AI models (an...Garbage In, Garbage Out: Why poor data curation is killing your AI models (an...
Garbage In, Garbage Out: Why poor data curation is killing your AI models (an...
 
Mastering OnlyFans Clone App Development: Key Strategies for Success
Mastering OnlyFans Clone App Development: Key Strategies for SuccessMastering OnlyFans Clone App Development: Key Strategies for Success
Mastering OnlyFans Clone App Development: Key Strategies for Success
 
Integrating Kafka with MuleSoft 4 and usecase
Integrating Kafka with MuleSoft 4 and usecaseIntegrating Kafka with MuleSoft 4 and usecase
Integrating Kafka with MuleSoft 4 and usecase
 

Ocean lotus Threat actors project by John Sitima 2024 (1).pptx

  • 1. OCEAN LOTUS CYBER-THREAT ACTORS Completed by John Sitima In partial fulfilment of Cybersecurity for Everyone (C) 2024 johnsitima@gmail.com
  • 2. Cybersecurity. Cybersecurity refers to the practice of protecting internet-connected systems, including hardware, software, and data, from attack, damage, or unauthorized access. Threat actors. These are individuals or groups who purposefully harm digital devices or systems.
  • 3. Ocean Lotus also known as APT32, BISMUTH, Canvas Cyclone or APT-C-00 OceanLotus, also recognized as APT32, is a threat actor that emerged from Vietnam in 2014. This group has focused on various sectors such as manufacturing, network security, technology infrastructure, banking, media, and consumer products. Their Level of skill Ocean Lotus has demonstrated a high level of technical sophistication and operational competency. The group has shown the ability to conduct long-term intrusion campaigns, maintain persistent access to targeted networks, and evade detection by employing advanced obfuscation and anti-forensic techniques. They are also known by the following Aliases
  • 4. Capability and tactics used by Ocean Lotus cyber threat actors. The APT32 group has been known to employ a wide range of attack vectors and tools to compromise its targets. These include spear-phishing emails, watering hole attacks, social engineering techniques, and the use of custom malware. The group has been observed using various malware families, such as Cobalt Strike, PlugX, and PowerShell-based backdoors, to establish persistence on compromised systems and exfiltrate sensitive data. Targets of the Ocean Lotus. The group's activities have primarily targeted government organizations, foreign corporations, dissidents, journalists, and other entities of interest to the Vietnamese government. The group has been linked to cyber attacks targeting dissidents and human rights activists, indicating a broader agenda that includes monitoring and suppressing internal dissent (Amnesty 2021).
  • 5. The motivations of the OCEANLOTUS threat actor are believed to be primarily related to espionage and intelligence gathering. They have been known to target government agencies, defense contractors, and technology companies to steal sensitive information that could be used for strategic or financial gain. The targets of the Ocean Lotus group are generally foreign companies with sure success and interests in Vietnam’s hospitality, manufacturing, and consumer goods sectors. As well as the private sector, the Ocean Lotus group targets politicians and journalists opposed to the Vietnamese government. (Brandefense 2022) Motivations of the Ocean Lotus
  • 6. The group has been known to employ a wide range of attack vectors and tools to compromise its targets. These include spear-phishing emails, watering hole attacks, social engineering techniques, and the use of custom malware. The group has been observed using various malware families, such as Cobalt Strike, PlugX, and PowerShell-based backdoors, to establish persistence on compromised systems and exfiltrate sensitive data for ransom and corporate espionage. Ocean Lotus Geo-Political context The cyberespionage group Ocean Lotus, active since 2014, targets organizations in various industries in Vietnam and other Southeast Asian countries. Insights on the Ocean Lotus modus operandi
  • 7. THE HACKING PROCESS This is a security defence model developed by Lockheed Martin to identify and stop sophisticated cyberattacks before they impact an organization. The concept includes the following steps: i. Reconnaissance ii. Weaponization iii. Delivery iv. Exploitation v. Installation vi. Command and Control vii. Action on target. (Source: lockheedmartin.com 2012) Based on the above, the researcher has created an acronym to ease assimilation and conceptualization of the 7 steps of the CKC, which is (Real, Warriors, D, I, E, Commanding, Action on target). The Ocean Lotus Group has utilised these steps in exploiting their The Lockheed Martin Cyber Kill Chain (CKC)
  • 8. The Ocean Lotus cyber actors group employs a diverse range of tactics, techniques, and procedures (TTPs) to target and compromise their victims. According to Kaspersky (Source: Kaspersky.com 2019), some of the key tactics used by the group include: Tactics used by Ocean Lotus actors on their targets. 1. Spear-Phishing Attacks: Ocean Lotus is known for conducting highly targeted spear-phishing campaigns, often using socially engineered lures related to the victim's interests or industry. The group leverages malicious attachments or links in the phishing emails to deliver their custom malware payloads. 2. Watering Hole Attacks: The group has been observed setting up malicious websites or compromising legitimate websites frequented by their targets. These watering hole attacks aim to infect visitors with malware when they access the compromised web resources. 3. Social Engineering: Ocean Lotus actors rely heavily on social engineering techniques to gather information about their targets and gain their trust.
  • 9. ...Tactics used by Ocean Lotus actors on their targets. (Continued) 4. Malware Deployment: The group has been linked to the use of various custom-made malware families, including Cobalt Strike, PlugX, and PowerShell-based backdoors. These malware families are designed to establish persistent access, exfiltrate data, and conduct further reconnaissance on the compromised systems. 5. Exploitation of Vulnerabilities: Ocean Lotus actors actively seek out and exploit vulnerabilities in popular software, operating systems, and web applications to gain initial access to their targets. They often leverage zero-day vulnerabilities to bypass security measures and maintain a stealthy presence on the compromised systems. 6. Lateral Movement and Privilege Escalation: Once inside the target network, the group employs techniques to move laterally and escalate privileges, allowing them to access sensitive data and resources. This includes the use of credential harvesting, privilege escalation exploits, and tools like Mimikatz.
  • 10. ...Tactics used by Ocean Lotus actors on their targets. (Continued) 7. Data Exfiltration: The ultimate goal of Ocean Lotus's operations is to gather intelligence and exfiltrate sensitive data from their targets. The group has been observed using various techniques, such as encrypted data transfers, to siphon off valuable information without raising suspicion. 8. Operational Security and Obfuscation: To evade detection and maintain persistent access, Ocean Lotus actors employ advanced obfuscation techniques, such as code encryption, anti-analysis measures, and the use of legitimate network protocols for command-and-control communications.
  • 11. Case 1: In 2017, Ocean Lotus carried out a campaign against Vietnam's National Assembly. The group sent spear-phishing emails containing a link to a fake website that mimicked the National Assembly's intranet login page. Victims who attempted to log in had their credentials stolen by Ocean Lotus. The Effects: Primary effects:- Defacement of the website happened. The threat actors got credentials of Vietnam’s National Assembly members via the intranet. This made the intranet inoperable for some time. Secondary effects:- The attack disrupted the functioning of the intranet, resulting in secondary effects of ineffective functioning of Vietnam’s National Assembly in their Government duties. Second order effects:- Data integrity and exposure of confidential parliament details, its structures and leadership, by this threat action resulted in the general public fearing for the privacy of their own data. Case studies of cyber attacks by Ocean Lotus Group and their effects over the years.
  • 12. Case 2: Operation Cobalt Kitty 20... (Source: Cybereason.com 2019) In Operation Cobalt Kitty, the Ocean Lotus group targeted global corporations based in Asia with the goal of stealing proprietary business information. The threat actor targeted the company’s top-level management by using spear-phishing attacks as the initial penetration vector. The Effects: Primary effects:- The attack directly compromised more than 40 PCs and servers, including the domain controller, file servers, Web application server and database server, making them inoperable for a time. Secondary effects:- The attack disrupted the functioning of the companies, resulting in secondary effects of loss of revenue and income. Second order effects:- Data integrity and exposure of confidential corporate private and secret data were some of the most serious second order effects of the attack. Case studies of cyber attacks by Ocean Lotus Group and their effects over the years... Continued
  • 13. Case 3: 2014 Action on US-based NGO Electronic Frontier Foundation (EFF), the Associated Press international news organization and two Vietnamese activists. (Source: Amnesty.org 2021) In Operation Cobalt Kitty, the Ocean Lotus group targeted global corporations based in Asia with the goal of stealing proprietary business information. The threat actor targeted the company’s top-level management by using spear-phishing attacks as the initial penetration vector. The Effects: Primary effects:- The attack directly compromised more than 40 PCs and servers, including the domain controller, file servers, Web application server and database server, making them inoperable for a time. Secondary effects:- The attack disrupted the functioning of the companies, resulting in secondary effects of loss of revenue and income. Second order effects:- Data integrity and exposure of confidential corporate private and secret data were some of the most serious second order effects of the attack. Case studies of cyber attacks by Ocean Lotus Group and their effects over the years... Continued
  • 14. Case 4: 2020 A report by Bloomberg highlighted that as far back as 06 January 2020, in the midst of the coronavirus pandemic, cyber attacks by Ocean Lotus were going on, targeting the Chinese Government, and continued through April, a senior manager for cyber-espionage at FireEye Inc and officials in the Chinese Government threat intelligence unit were quoted saying. (Source: Bloomberg.com 2020) OceanLotus used spear-phishing and malware, in keeping with its modus operandi, to target China's Ministry of Emergency Management and the Wuhan municipal government in order to obtain information about the COVID-19 pandemic. The Vietnamese Ministry of Foreign Affairs denied the accusations. The Effects: Primary effects:- The attack directly compromised workstations and file servers, Web application server and database server used in the collecting and collating of Covid-19 data, making them inoperable for a time. Secondary effects:- The attack disrupted the real-time transmission of Covid-19 stats and data to numerous stakeholders who needed it for decision making. Second order effects:- Data integrity and exposure of confidential private patients' data, delays in medical supplies and PPEs to frontline workers were some of the most Case studies of cyber attacks by Ocean Lotus Group and their effects over the years... Continued
  • 15. Characteristics of Oceanlotus cyber threat actors 1. Advanced and Persistent: Ocean Lotus is an advanced persistent threat (APT) group, demonstrating a high level of technical sophistication and the ability to conduct long-term, targeted intrusion campaigns. The group has maintained a persistent presence in the networks of their targets, often establishing a stealthy foothold to conduct ongoing espionage activities. 2. Politically Motivated: The primary objective of Ocean Lotus appears to be cyber espionage, with a focus on gathering intelligence for political, economic, and strategic purposes. The group's targets have primarily included government organizations, foreign corporations, dissidents, and other entities of interest to the Vietnamese government, suggesting a state-sponsored or state-aligned nature. 3. Adaptable and Innovative: Ocean Lotus has shown a remarkable ability to adapt and evolve its tactics, techniques, and procedures (TTPs) over time. The group has demonstrated a willingness to leverage the latest technologies, exploit zero-day vulnerabilities, and develop custom malware to maintain an edge over its targets and evade detection.
  • 16. Characteristics of Oceanlotus cyber threat actors... Continued. 4. Operationally Sophisticated: The Ocean Lotus actors have exhibited a high level of operational security, employing advanced obfuscation techniques, utilizing legitimate network protocols for command-and-control, and maintaining a low profile to avoid detection. Their ability to conduct successful spear-phishing campaigns, watering hole attacks, and lateral movement within compromised networks underscores their operational sophistication. 5. Geographically Focused: The group's activities have primarily targeted organizations and individuals in Southeast Asian countries, particularly Vietnam, Laos, Cambodia, and the Philippines. This regional focus suggests a strong alignment with the interests and objectives of the Vietnamese government or state-affiliated entities. (Source: Bloomberg.com 2021) 6. Potentially State-Sponsored: While definitive attribution is challenging in the cyber domain, various cybersecurity firms and government agencies have attributed the Ocean Lotus activities to threat actors originating from Vietnam. The group's consistent focus on intelligence gathering and the alignment of its targets with Vietnamese interests suggest potential state sponsorship or support. (Source: Bloomberg.com 2021)
  • 17. Oceanlotus cyber threat actors, a private problem for business or a public concern for Policy maker? Private Sector Concerns: • Businesses, particularly those operating in Southeast Asia or with interests in the region, are prime targets for Ocean Lotus's cyber espionage activities. • The group's focus on gathering intelligence and stealing sensitive data poses significant risks to private companies, as it can lead to the loss of trade secrets, intellectual property, and other valuable information. • Compromised businesses may suffer financial losses, reputational damage, and disruptions to their operations, making Ocean Lotus a critical private sector problem. • Private companies need to prioritize robust cybersecurity measures, incident response plans, and collaboration with security vendors and law enforcement to mitigate the risks posed by Ocean Lotus. Public Policy Concerns: • Ocean Lotus's suspected state-sponsored or state-aligned nature makes it a matter of national security and public policy concern. • The group's targeting of government agencies, critical infrastructure, and other entities of strategic importance raises concerns about national sovereignty, geopolitical tensions, and the potential for cascading impacts on the public sector.
  • 18. Possible responses by Policy makers to Oceanlotus cyber threat actors • Policymakers need to address the threat of Ocean Lotus through the development of comprehensive national cybersecurity strategies, international cooperation, and the strengthening of defensive capabilities. • Policies related to information sharing, threat intelligence exchange, and coordinated response mechanisms between the public and private sectors are crucial in mitigating the risks posed by Ocean Lotus. • Diplomatic efforts and sanctions may also be considered as part of a broader strategy to deter and disrupt the activities of state-sponsored cyber threat actors like Ocean Lotus. Conclusion Overall, the Ocean Lotus cyber threat actors represent a sophisticated, persistent, and politically motivated group that poses a significant risk to organizations and individuals in the Southeast Asian region. Their continuous evolution and adaptability underscore the need for robust cybersecurity measures and international cooperation to identify and mitigate the threats posed by such advanced persistent threat groups.
  • 19. REFERENCES
    1. https://cdn.amnesty.at/media/11606/amnesty-report_caught-in-the-net_the-global-threat-from-eu-regulated-spyware_oktober-2023.pdf (accessed on 07/03/2024)
    2. https://css.ethz.ch/content/dam/ethz/special-interest/gess/cis/center-for-securities-studies/pdfs/Cyber-Reports-2018-05.pdf
    3. https://www.cybereason.com/blog/operation-cobalt-kitty-apt (accessed on 01/06/2024)
    4. https://www.cfr.org/cyber-operations/export-incidents (accessed on 05/04/2024)
    5. https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf (accessed on 11/04/2024)
    6. https://ics-cert.kaspersky.com/publications/reports/2020/04/24/threat-landscape-for-industrial-automation-systems-apt-attacks-on-industrial-companies-in-2019/ (accessed on 11/04/2024)
    7. https://www.bloomberg.com/news/articles/2020-04-23/vietnamese-hackers-targeted-china-officials-at-heart-of-outbreak (accessed on 03/06/2024)
    8. https://brandefense.io/blog/apt-groups/ocean-lotus-apt-group/#:~ (accessed on 13/04/2024)
    9. https://www.lockheedmartin.com/content/dam/lockheed-martin/rms/documents/cyber/Gaining_the_Advantage_Cyber_Kill_Chain.pdf