Skip to Content

OceanLotus APT32 behind Torii IoT Botnet

Updated on 2022-11-15: OceanLotus attacks

Chinese security firm QiAnXin published a report on Monday about recent attacks of OceanLotus, a Vietnamese state-sponsored group, that have targeted Chinese organizations through 2021. The report details the group’s use of three zero-days, one in an unnamed antivirus product and two zero-days in an unnamed workstation management system. QiAnXin also confirmed a Weibu report from earlier this month that claimed that OceanLotus was using IoT devices as a springboard for their attacks. The Weibu report specifically linked OceanLotus to the Torii botnet. Read more:

Overview: Torii and Ocean Lotus

In a report on Wednesday, Chinese IT company Weibu claimed that OceanLotus, a Vietnamese cyber-espionage group, is behind Torii, an IoT botnet that was first seen back in 2018. Weibu researchers say that OceanLotus, also known as APT32, has been using systems infected by Torii to hide their operations, such as attacks and command-and-control traffic. Read more:

    Ads Blocker Image Powered by Code Help Pro

    Ads Blocker Detected!!!

    This site depends on revenue from ad impressions to survive. If you find this site valuable, please consider disabling your ad blocker.