OceanLotus (APT32) Conducts Cyber Espionage Campaigns Targeting Vietnamese Entities

The Vietnam-aligned threat actor OceanLotus (also known as APT32) conducted two cyber espionage campaigns targeting Vietnamese entities, including a domestic infrastructure and transport construction corporation and stock investors. The attacks utilized a backdoor named SPECTRALVIPER and spanned from mid-2024 to February 2026, with one campaign involving a supply chain attack. No specific CVE IDs or additional technical details about the malware were provided. The primary focus of the operations appeared to be prolonged intelligence gathering and compromise of critical sectors. The impacted organizations were based in Vietnam.