OceanLotus (aka APT32) is a very active hacking group. It operates mainly in South-East Asia and, according to the security community, is closely linked to the Vietnamese government. Over time, many intrusion attempts and data breaches have been attributed to it. On the purely technical side, the group appears to be very well resourced and often adopts advanced tactics and techniques in order to lower the probability of detection. In my personal opinion, the members of this group are very skilled at adopting technical solutions aimed at evading anti-malware products and operating "under the radar". To complete the infection cycle on a victim system, the group sometimes also abuses software features originally designed to make life easier for developers or to improve the user experience, demonstrating an excellent knowledge of the systems and environments in which it operates. Starting from mid-March 2019, the CTI team at Telsy began tracking the activity of this group in the ASEAN (Association of South-East Asian Nations) area.