APT32’s most recent attacks involved the compromise of four hosts with different Windows Registry keys and scheduled tasks that facilitated the deployment of Google Chrome cookie exfiltration, Cobalt Strike beacons, and embedded DLL payload loaders, an analysis from Huntress showed. “This intrusion has a number of overlaps with known techniques used by the threat actor APT32/OceanLotus, and a known target demographic which aligns with APT32/OceanLotus targets,”

Source: SC Magazine