February 24, 2021

Human rights activists in Vietnam targeted by spyware

By Ellen Daniel

Human rights activists in Vietnam have been targeted by the notorious hacking group Ocean Lotus.

The group, which is suspected of having links with the Vietnamese government, has carried out a campaign of spyware attacks against the activists, according to an investigation by Amnesty Tech, a global collective of advocates, hackers, researchers and technologists.

Amnesty Tech found evidence in phishing emails sent to two prominent Vietnamese human rights activists connecting Ocean Lotus to attacks between 2018 and November 2020.

The investigation revealed that pro-democracy activist Bui Thanh Hieu was targeted with spyware at least four times between February 2018 and December 2019. Another blogger in Vietnam, left anonymous for security reasons, was targeted three times between July and November 2020.

The non-profit Vietnamese Overseas Initiative for Conscience Empowerment was targeted in April 2020.

Ocean Lotus has been responsible for multiple cyber attacks since at least 2013 and has been connected to attacks against Vietnamese political dissidents. The attacks were delivered through emails containing malicious links that downloaded files containing spyware for Mac OS or Windows systems.

Ocean Lotus also created fake online media websites based on content automatically gathered from legitimate news websites in order to target those who visit the sites.

Likhita Banerji, researcher at Amnesty Tech, said:

“These latest attacks by Ocean Lotus highlight the repression Vietnamese activists at home and abroad face for standing up for human rights. This unlawful surveillance violates the right to privacy and stifles freedom of expression.

“The Vietnamese government must carry out an independent investigation. Any refusal to do so will only increase suspicions that the government is complicit in the Ocean Lotus attacks.

“Online freedoms are under unprecedented attack in Viet Nam. Despite these threats, courageous activists continue to stand up for human rights. The relentless repression they face, including targeted cyber-attacks, must end.”

According to Amnesty, targeting human rights activists using digital surveillance technology is unlawful under international human rights law.

Jake Moore, cybersecurity specialist at ESET, said:

“Spyware attacks are particularly stealthy in nature and can often hide on a device without any sign it has been compromised. Infamously, Pegasus was used to target individuals in impressive one-click and even zero-click attacks where the victims were taken completely unawares.

“Once a phone is compromised, it can be very easy to conduct further attacks with multiple motivating factors. Due to the simplicity of such attacks, activists and others in high risk categories, including politicians and figures of high wealth, need to be even more vigilant of the threats of spyware and the damage that it can cause. These individuals, and anyone else who may be vulnerable to spyware, should make sure they are fully aware of links and attachments sent to their phones via any means of communication.”
