APT32 Abuses GitHub Infrastructure to Launch Targeted Strikes on Cybersecurity Experts and Corporations
The Vietnamese-aligned hacking group APT32, also known as OceanLotus, has been orchestrating sophisticated cyberattacks against entities across Southeast Asia and beyond. Its activity from 2024 to 2025 has evolved to include compromising GitHub repositories, abusing Visual Studio project files, and using novel techniques such as .suo file manipulation to deliver malware. The group has specifically targeted cybersecurity professionals, large corporations, and government agencies in China, showing an alarming level of persistence and adaptability. APT32's methods include spear-phishing, exploiting software supply chain weaknesses, and stealthy command-and-control communication over platforms such as Notion. These attacks underscore the need for heightened vigilance among cybersecurity professionals and organizations, particularly when cloning, building, or opening projects from open-source repositories.
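Added example, not taken from the reports summarized above: a repository hygiene check a defender can run on a freshly cloned Visual Studio project before anyone opens it in the IDE or builds it. It assumes the two artifacts named above, committed .suo files and build-event commands inside project files, are what is worth flagging; the sample repository contents are constructed for the demonstration.

```python
"""Flag committed .suo files and build-event commands in a Visual Studio checkout."""
import os
import xml.etree.ElementTree as ET

PROJECT_EXTS = (".csproj", ".vcxproj", ".vbproj")


def build_event_commands(project_xml: str) -> list[str]:
    """Return every command a project file would run as a build side effect."""
    found = []
    for elem in ET.fromstring(project_xml).iter():
        tag = elem.tag.split("}")[-1]  # drop the MSBuild namespace, if present
        if tag == "Exec":  # SDK-style: <Target><Exec Command="..."/></Target>
            cmd = elem.get("Command")
        elif tag in ("PreBuildEvent", "PostBuildEvent"):
            # .vcxproj nests <Command>; old-style .csproj puts the text directly
            child = next((c for c in elem if c.tag.split("}")[-1] == "Command"), None)
            cmd = child.text if child is not None else elem.text
        else:
            continue
        if cmd and cmd.strip():
            found.append(cmd.strip())
    return found


def scan_files(files: dict[str, str]) -> list[tuple[str, str]]:
    """files maps repo-relative path -> text; returns (path, reason) findings."""
    findings = []
    for path, content in files.items():
        low = path.lower()
        if low.endswith(".suo"):  # per-user IDE state; never belongs in a repository
            findings.append((path, "committed .suo file"))
        elif low.endswith(PROJECT_EXTS):
            for cmd in build_event_commands(content):
                findings.append((path, f"build event runs: {cmd}"))
    return findings


def scan_repo(root_dir: str) -> list[tuple[str, str]]:
    """Same check over a real checkout on disk (.suo content is not needed)."""
    files = {}
    for dirpath, _, names in os.walk(root_dir):
        for name in names:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root_dir)
            if name.lower().endswith(".suo"):
                files[rel] = ""
            elif name.lower().endswith(PROJECT_EXTS):
                with open(full, encoding="utf-8", errors="replace") as fh:
                    files[rel] = fh.read()
    return scan_files(files)


# Constructed sample repository (hypothetical contents, not a real artifact).
SAMPLE_REPO = {
    "README.md": "# demo",
    ".vs/demo/v17/.suo": "",
    "demo/demo.vcxproj": (
        '<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">'
        "<ItemDefinitionGroup><PostBuildEvent>"
        "<Command>powershell -w hidden -File $(SolutionDir)setup.ps1</Command>"
        "</PostBuildEvent></ItemDefinitionGroup></Project>"
    ),
    "tool/tool.csproj": (
        '<Project Sdk="Microsoft.NET.Sdk"><Target Name="t" AfterTargets="Build">'
        '<Exec Command="cmd /c start $(ProjectDir)helper.exe" /></Target></Project>'
    ),
}

if __name__ == "__main__":
    for path, reason in scan_files(SAMPLE_REPO):
        print(f"{path}: {reason}")
```

Run it on a checkout with `scan_repo("/path/to/clone")`; an empty result means no .suo file was committed and no project file carries a build-event command.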