Tag: vietnam

6 Attack Reports | 0 Vulnerabilities

Attack reports

Operation Hanoi Thief: Vietnam APT

A spear-phishing campaign dubbed 'Operation Hanoi Thief' is targeting Vietnamese IT professionals and recruitment teams. The attack uses a malicious ZIP file containing a fake resume and an LNK file. The LNK file executes a pseudo-polyglot payload, which deploys a C++ DLL implant called LOTUSHARVES…
vietnam
spear-phishing
information-stealer
dll-sideloading
2025-11-28
it-professionals
lotusharvest
browser-credentials
recruiters
Published: November 28, 2025
Downloadable IOCs: 6

Operation Rewrite: Chinese-Speaking Threat Actors Deploy BadIIS in a Wide Scale SEO Poisoning Campaign

A Chinese-speaking threat actor group, tracked as CL-UNK-1037, has been conducting a large-scale SEO poisoning campaign called Operation Rewrite. The attackers use a malicious IIS module named BadIIS to intercept and alter web traffic on compromised servers, manipulating search engine results to re…
seo poisoning
vietnam
iis module
dragonrank
chinese threat actor
badiis
chinese-speaking
web shells
2025-09-23
operation rewrite
iis modules
group 9
2025-09-25
Published: September 25, 2025
Downloadable IOCs: 71

RedHook: A New Android Banking Trojan Targeting Users In Vietnam

A sophisticated Android banking trojan named RedHook has been discovered targeting Vietnamese users through spoofed government and financial websites. The malware uses WebSocket to communicate with its command-and-control server and supports over 30 remote commands, enabling complete control over c…
rat
phishing
android
banking trojan
keylogging
vietnam
aws s3
websocket
2025-07-31
chinese-language
redhook
Published: July 31, 2025
Downloadable IOCs: 13

Vietnam-Nexus Hackers Distribute Malware Via Fake AI Video Generators

A hacking group with alleged ties to Vietnam has been exploiting social media ads promoting AI video generators to distribute malware since mid-2024. The campaign, discovered by Mandiant, uses fake websites mimicking legitimate AI tools to deploy payloads including Python-based infostealers and bac…
backdoor
xworm
infostealer
vietnam
2025-05-28
noodlophile stealer
frostrift
grimpull
social media ads
starkveil
ai video generators
Published: May 28, 2025
Downloadable IOCs: 1

Advanced Persistent Threat Targeting Vietnamese Human Rights Defenders

A long-term intrusion targeting a Vietnamese human rights non-profit organization has been discovered, likely spanning at least four years. The attack shows significant overlaps with techniques used by APT32/OceanLotus, a threat actor known for targeting Vietnamese activists. The intrusion involved…
backdoor
apt
cobalt strike
persistence
steganography
vietnam
2024-09-03
dll side-loading
com hijacking
human rights
Published: September 3, 2024
Downloadable IOCs: 46

Braodo Info Stealer Targeting Vietnam and Abroad

CYFIRMA discovered Braodo Stealer, a Python-based malware active since early 2024, primarily targeting users in Vietnam but also present in the US, Czechia, Germany, Netherlands, Singapore, and the UK. This malware utilizes GitHub and a Singapore-based VPS server to host and distribute its maliciou…
obfuscation
stealer
exfiltration
2024-07-15
telegram
vietnam
braodo stealer
Published: July 15, 2024
Downloadable IOCs: 14
Click here to see more Attack Reports