Advanced Persistent Threat Targeting Vietnamese Human Rights Defenders

Released on 2024-09-03 @ 08:02:33 AM

A long-term intrusion targeting a Vietnamese human rights non-profit organization has been discovered; it likely spanned at least four years. The attack shows significant overlaps with techniques used by APT32/OceanLotus, a threat actor known for targeting Vietnamese activists. The intrusion involved multiple persistence mechanisms, including scheduled tasks, COM object hijacking, and DLL side-loading. Various malware families were employed, such as backdoors using steganography and Java-based loaders. The attackers used Cobalt Strike for command and control, along with masquerading domains and infrastructure designed to evade detection. This case highlights the persistent threats that human rights organizations face from sophisticated state-sponsored actors.