OceanLotus, also known as APT32, is a hacker group associated with the government of Vietnam.[1][2][3][4] It has been accused of cyberespionage targeting political dissidents, government officials, and businesses with ties to Vietnam.[5]


In 2020, Bloomberg reported that OceanLotus had targeted China's Ministry of Emergency Management and the Wuhan municipal government in order to obtain information about the COVID-19 pandemic. The Vietnamese Ministry of Foreign Affairs called the accusations unfounded.[6][7][8]

In 2020, Kaspersky researchers disclosed that OceanLotus had been using the Google Play Store to distribute malware. In November 2020 Volexity researchers disclosed that OceanLotus had set up fake news websites and Facebook pages to both engage in web profiling and distribute malware.[9][10] According to reports, Facebook traced the group's activities to an IT company called CyberOne Group in Ho Chi Minh City.[11]

In February 2021, Amnesty International reported that OceanLotus had launched a number of spyware attacks against Vietnamese human rights activists, including Bui Thanh Hieu.[12]

In March 2021, it was reported that the group's operations were impacted by a fire at an OVH data center in France.[13]


  1. ^ Panda, Ankit. "Offensive Cyber Capabilities and Public Health Intelligence: Vietnam, APT32, and COVID-19". Thediplomat.com. Retrieved 29 April 2020.
  2. ^ Tanriverdi, Hakan; Zierer, Max; Wetter, Ann-Kathrin; Biermann, Kai; Nguyen, Thi Do (October 8, 2020). Nierle, Verena; Schöffel, Robert; Wreschniok, Lisa (eds.). "Lined up in the sights of Vietnamese hackers". Bayerischer Rundfunk. In Bui’s case the traces lead to a group presumably acting on behalf of the Vietnamese state. Experts have many names for this group: APT 32 and Ocean Lotus are best known. In conversations with a dozen of information security specialists, they all agreed that this is a Vietnamese group spying, in particular, on its own compatriots.
  3. ^ Hay Newman, Lilly. "An Up-Close View of the Notorious APT32 Hacking Group in Action". Wired.com. Retrieved 7 November 2020.
  4. ^ "Vietnamese APT32 group is one of the most advanced APTs in the threat landscape". Cyberdefensemagazine.com. Retrieved 7 November 2020.
  5. ^ Pearson, Jack Stubbs, James (2020-12-11). "Facebook tracks 'OceanLotus' hackers to IT firm in Vietnam". Reuters.com. Retrieved 2021-03-02.
  6. ^ Jamie Tarabay (April 23, 2020). "Vietnamese Hackers Targeted China Officials at Heart of Outbreak". Bloomberg.com.
  7. ^ Thayer, Carl. "Did Vietnamese Hackers Target the Chinese Government to Get Information on COVID-19?". Thediplomat.com.
  8. ^ Hui, Mary. "Vietnam's early coronavirus response reportedly included hackers who targeted China". Qz.com.
  9. ^ Vavra, Shannon. "Vietnamese hacking group OceanLotus uses imitation news sites to spread malware". Cyberscoop.com. Cyberscoop. Retrieved 7 November 2020.
  10. ^ Franceschi-Bicchierai, Lorenzo. "Vietnamese Hackers Ran 'Fake News' Websites To Target Visitors". Vice.com. Retrieved 7 November 2020.
  11. ^ "Facebook tracks 'OceanLotus' hackers to IT firm in Vietnam". Reuters.com. 11 December 2020. Retrieved 15 December 2021.
  12. ^ "Vietnamese activists targeted by notorious hacking group". Amnesty.org. Retrieved 2021-03-02.
  13. ^ Coble, Sarah (2021-03-15). "OVH Data Center Fire Impacts Cyber-criminals". Infosecurity-magazine.com. Retrieved 2021-03-15.