OceanLotus

OceanLotus, also known as APT32, BISMUTH, or Canvas Cyclone, is a hacker group associated with the government of Vietnam. It has been accused of cyberespionage targeting political dissidents, government officials, and businesses with ties to Vietnam.

History
In 2020, Bloomberg reported that OceanLotus had targeted China's Ministry of Emergency Management and the Wuhan municipal government in order to obtain information about the COVID-19 pandemic. The Vietnamese Ministry of Foreign Affairs called the accusations unfounded.

In 2020, Kaspersky researchers disclosed that OceanLotus had been using the Google Play Store to distribute malware. In November 2020 Volexity researchers disclosed that OceanLotus had set up fake news websites and Facebook pages to both engage in web profiling and distribute malware. According to reports, Facebook traced the group's activities to an IT company called CyberOne Group in Ho Chi Minh City.

In February 2021, Amnesty International reported that OceanLotus had launched a number of spyware attacks against Vietnamese human rights activists, including Bui Thanh Hieu.

In March 2021, it was reported that the group's operations were impacted by a fire at an OVH data center in France.