페이스북, 베트남 APT32 해킹 그룹 공개

newsroom 12/12 '20 posted 뉴스 IT

• 우리는 수년 동안이 그룹에 대해 추적하고 조치를 취해 왔습니다.

• 그들의 페이지 중 일부는 나중에 피싱 및 멀웨어 타겟팅을 위해 특정 팔로워를 유인하도록 설계되었습니다.

• 방글라데시에 기반을 둔 이 그룹은 해외에 거주하는 사람들을 포함한 지역 활동가, 언론인 및 소수 종교를 대상으로 계정을 도용하고 일부는 커뮤니티 표준을 위반하여 Facebook에 의해 비활성화되었습니다.

• 우리의 조사는 이 활동을 방글라데시의 두 비영리 단체인 돈 팀(Don's Team, 일명 Defense of Nation)과 범죄 연구 분석 재단(CRAF)과 연결시켰습니다.

• 악성 Play Store 앱: APT32는 페이지 사용 외에도 다양한 권한을 가진 구글 플레이스토어를 통해 안드로이드 애플리케이션을 다운로드하도록 대상을 유인해 사람들의 기기를 광범위하게 감시하도록 했습니다.

• APT32는 Facebook을 사용하여 목표물에 접근했습니다. Gleicher와 Dvilyanski에 따르면 APT32는 일반적으로 활동가 또는 기업체로 가장하는 가상의 페르소나를위한 계정과 페이지를 생성하여 Facebook에서 운영했습니다.

• 페이스북의 이런 행동은 최소한 놀랍고, 베트남과 해킹당한 모든 국가의 정부 관계자뿐만 아니라 사이버 보안 업계로부터도 정밀 조사를 받을 수밖에 없습니다.

• APT32 국가 국가 해커는 Facebook의 보안 정책 책임자인 Nathaniel Gleicher와 사이버 위협 인텔리전스 관리자인 Mike Dvilyanski가 오늘 발표 한 보고서에서 베트남 IT 회사 인 CyberOne Group과 연결되었습니다.

Taking Action Against Hackers in Bangladesh and Vietnam [about.fb.com]

Facebook links APT32, Vietnam's primary hacking group, to local IT firm [www.zdnet.com]

Facebook unmasks Vietnam’s APT32 hacking group [www.bleepingcomputer.com]

Facebook traces advanced hacking group to Vietnamese IT firm [kr-asia.com]

Operations of Hacker Groups in Vietnam, Bangladesh Disrupted by Facebook [www.securityweek.com]

Facebook Tracks APT32 OceanLotus Hackers to IT Company in Vietnam [thehackernews.com]

newest replies popular replies

Open Wiki - Feel free to edit it. -

12/12 '20 answered

The death of Flash has reduced the typical browser’s attack surface but these groups are still at it. Just tonight, the successors to that team unmasked APT 32. This time with Yara rules to burn their infra! Transparency in this area has definitely improved. https://t.co/HRQINm48y8
— Alex Stamos (@alexstamos) December 11, 2020

Two separate groups of hackers — APT32 in Vietnam and a group based in Bangladesh — removed by @Facebook for abuse of platform and attacks on human rights defenders, journalists and minoritieshttps://t.co/IHGWKFSfOS pic.twitter.com/hSHIgAuaiT
— Iain Levine (@iainlevine) December 11, 2020

Idk if Facebook made the right move by doxxing APT32 publicly prior to any arrests, nor without showing proof for their work, but they did it.. what do you think?https://t.co/nI02SeRUpm
— Alon Gal (Under the Breach) (@UnderTheBreach) December 11, 2020

1/ Today we announced two takedowns of networks conducting cyber-espionage — one operating in Vietnam, and the other in Bangladesh. https://t.co/BtF97K8Qmt
— Nathaniel Gleicher (@ngleicher) December 11, 2020

intriguing move by facebook... they’re definitely in a good position to do more of this type of thing https://t.co/eY3dKs4ZpX
— cje (@caseyjohnellis) December 11, 2020

Fascinating move by Facebook. They outed APT32 as CyberOne Group. According to their website, “CyberOne Group is the leading of #1 essential security technologies you the best compliance rates.” ¹
__
¹ https://t.co/t1TKnuTFof https://t.co/e7jYEimYvF
— thaddeus e. grugq (@thegrugq) December 11, 2020

This is interesting. Facebook is identifying APT32, a Vietnamese gov't associated hacker group, likely the most notorious one outside of China/Iran/NK/Russia, to a particular IT company called CyberOne Technologies.https://t.co/Yf8s0M4lME
— Kevin Collier (@kevincollier) December 11, 2020

Facebook put some light on Apt32 group - Taking Action Against Hackers in Bangladesh and Vietnam https://t.co/gJsqQbAltK
— Giuseppe `N3mes1s` (@gN3mes1s) December 11, 2020

#Facebook has taken action against two Bangladeshi groups of hackers for targeting local activists, journalists and religious minorities to compromise their accounts and have some of them disabled by the social media platform. #Bangladesh #FreedomOfSpeech https://t.co/yDrepAROXP
— Arafatul Islam (@arafatul) December 11, 2020

This is huge.

Facebook links #APT32 to CyberOne Group, an IT company in Vietnam

cc @kaibiermann https://t.co/pPLaq3fx4l
— hakan (@hatr) December 11, 2020

Facebook's post about actions against adversaries, including APT32 #threatintel https://t.co/4lpDmdFrte
— Katie Nickels (@likethecoins) December 11, 2020

#Facebook takes action against two separate groups of hackers — #APT32 in Vietnam and a group based in Bangladesh — removing their ability to use their infrastructure to abuse FB platform, distribute malware and hack people’s accounts across the internet.https://t.co/qby3WfJmjA
— Abir Ghattas (@AbirGhattas) December 11, 2020

Idk if Facebook made the right move by doxxing APT32 publicly prior to any arrests, nor without showing proof for their work, but they did it.. what do you think?https://t.co/nI02SeRUpm
— Alon Gal (Under the Breach) (@UnderTheBreach) December 11, 2020

Facebook links APT32, Vietnam's primary hacking group, to local IT firm https://t.co/GSBZuSjoww #security #CyberSec pic.twitter.com/SrRO5Y2oBy
— Moix Security (@moixsec) December 11, 2020

Facebook doxes and suspends accounts of APT32, one of the most active state-sponsored hacking groups that began in 2014, linking it to an IT group in Vietnamhttps://t.co/Wb9U8ltopI
— Gregg Housh (@GreggHoush) December 11, 2020

Breaking: Facebook has just doxed APT32

Hi there, CyberOne Group! ?https://t.co/VB3ND0daVR pic.twitter.com/hfkcXZEuvd
— Catalin Cimpanu (@campuscodi) December 11, 2020

Facebook doxes APT32, links Vietnam's primary hacking group to local IT firm https://t.co/wnWJpyHfMc by @campuscodi
— ZDNet (@ZDNet) December 11, 2020

Facebook Tracks APT32 OceanLotus Hackers to IT Company in Vietnam https://t.co/0zer4ILixF
— Nicolas Krassas (@Dinosn) December 11, 2020

Facebook Tracks APT32 OceanLotus Hackers to IT Company in Vietnam https://t.co/O9OmFnyrwW #Cyberattacks #Cybercrime
— Aghiath chbib (@AghiathChbib) December 11, 2020

#Facebook tracks two hacking groups—APT32 to an IT company in #Vietnam and a #Bangladesh group to two non-profit organizations in the country—and blocked their malicious activities on its social media platform.

Details: https://t.co/5DEZfX77JO #infosec #cybersecurity #hacking
— Swati Khandelwal (@Swati_THN) December 11, 2020

permanent link

Reply with curations

Related

Featured