OceanLotus, also named APT32, BISMUTH, Ocean Buffalo by CrowdStrike, or Canvas Cyclone by Microsoft,[1] is a hacker group allegedly associated with the government of Vietnam.
[2][3][4][5] It has been accused of cyberespionage targeting political dissidents, government officials, and businesses with ties to Vietnam.
[6] In April 2020, Bloomberg reported that OceanLotus had targeted China's Ministry of Emergency Management and the Wuhan municipal government in order to obtain information about the COVID-19 pandemic.
Volexity researchers disclosed that OceanLotus had set up fake news websites and Facebook pages to both engage in web profiling and distribute malware.
[12] In February 2021, Amnesty International reported that OceanLotus had launched a number of spyware attacks against Vietnamese human rights activists, including Bùi Thanh Hiếu.