Over 100 websites were compromised by the hacking group OceanLotus. The hackers even managed to hijack the official site of President Rodrigo Duterte, security researchers confirmed.
Volexity, a cybersecurity company, claimed that the complex group known as OceanLotus, or APT32, was able to breach the websites of various government, human rights, military, state oil exploration and media organizations in order to launch attacks in the future.
The official website of the Association of Southeast Asian Nations (ASEAN) was one of the sites compromised by the hackers. Many Chinese websites, such as BD Star, Chinese oil, and China National United Oil Corporation, were also affected by this attack. Different ministries in Laos and Cambodia also admitted that they were affected by the breach. The hackers also targeted the official site of the Armed Forces of the Philippines.
The cybersecurity firm Volexity stated that the extent of this attack is unimaginable. Only a Russian group known as Turla has previously been successful in launching an attack on this scale. OceanLotus is believed to have operated unnoticed on several top-notch websites throughout recent years.
Specific targets received a popup, appearing every 24 hours, when they accessed any of the affected websites. When clicked, the popup redirected the user to Google and initiated OAuth access for an OceanLotus Google app, which enabled the hackers to access any contact or email. Some websites were also attacked through spearphishing campaigns in order to install backdoors on the systems that were being targeted.
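A defender can look for this kind of consent abuse by reviewing which third-party apps users have authorized for mail or contacts access. The following is an added example, not part of the original article or Volexity's research; the record schema, client IDs and allowlist are constructed assumptions, while the scope URIs are real Google OAuth scopes.

```python
"""Flag OAuth grants that give an unapproved app mail or contacts access."""
from collections import defaultdict

G = "https://www.googleapis.com/auth/"
# Real Google OAuth scope URIs covering Gmail and contacts data.
SENSITIVE_SCOPES = {"https://mail.google.com/", G + "gmail.readonly",
                    G + "contacts", G + "contacts.readonly"}

# Assumption: client IDs the organisation has already reviewed and approved.
APPROVED_CLIENT_IDS = {"approved-crm.example"}

# Constructed sample records in a simplified, hypothetical audit schema.
SAMPLE_GRANTS = [
    {"user": "alice@example.org", "event": "authorize",
     "client_id": "approved-crm.example", "scopes": G + "contacts.readonly"},
    {"user": "bob@example.org", "event": "authorize",
     "client_id": "unknown-app-1.example",
     "scopes": "openid https://mail.google.com/ " + G + "contacts"},
    {"user": "carol@example.org", "event": "authorize",
     "client_id": "unknown-app-1.example", "scopes": [G + "gmail.readonly"]},
    {"user": "dave@example.org", "event": "authorize",
     "client_id": "unknown-app-2.example", "scopes": "openid email"},
]

def _scopes(value):
    """Accept a list or the space-delimited string used in OAuth requests."""
    return set(value.split()) if isinstance(value, str) else set(value)

def risky_grants(grants, approved=APPROVED_CLIENT_IDS):
    """Return {client_id: {user: [sensitive scopes]}} for unapproved apps."""
    findings = defaultdict(dict)
    for g in grants:
        if g.get("event") != "authorize" or g.get("client_id") in approved:
            continue
        hits = sorted(_scopes(g.get("scopes", "")) & SENSITIVE_SCOPES)
        if hits:
            findings[g["client_id"]][g["user"]] = hits
    return dict(findings)

def multi_user_apps(findings, threshold=2):
    """Unapproved apps consented to by several users deserve priority review."""
    return sorted(c for c, users in findings.items() if len(users) >= threshold)

if __name__ == "__main__":
    found = risky_grants(SAMPLE_GRANTS)
    for client, users in found.items():
        for user, scopes in users.items():
            print(client, user, scopes)
    print("multi-user:", multi_user_apps(found))
```

Revoking a flagged grant stops further access, but mail and contacts read while the grant was active should be treated as exposed.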
The group is also responsible for delivering malware through fake updates for Firefox, Chrome and Internet Explorer.
Researchers concluded that OceanLotus has strategically compromised a “staggeringly large number of websites”, most of them belonging to Vietnamese groups and individuals who were critical of government policies. Other affected websites were either state-owned or belonged to state affiliates.
Volexity said in a statement that OceanLotus has rapidly enhanced its capabilities in recent years and is one of the most advanced APT groups currently operating.
As a result of the group’s recent attack, Volexity believes that OceanLotus is consistently developing a network of highly organized hackers specializing in computer network exploitation.