Adversary

Ocean Buffalo

Origin

Vietnam

Community Identifiers

OceanLotus, SeaLotus, APT32, TIN WOODLAWN

Ocean Buffalo is a Vietnam-based targeted intrusion adversary reportedly active since at least 2012.

This adversary is known to employ a wide range of Tactics, Techniques, and Procedures (TTPs), including both custom and off-the-shelf tools, as well as the distribution of malware via Strategic Web Compromise (SWC) operations and spear phishing emails containing malicious attachments.

Targeted organizations are primarily located in East and Southeast Asian countries such as China, Cambodia, the Philippines, and Vietnam; however, Ocean Buffalo has also targeted Western organizations in several sectors, including automotive manufacturing and hospitality. Observed activity indicates that this adversary’s mission scope is broad and primarily encompasses operations focused on Vietnamese internal security issues and foreign intelligence collection, with some economic espionage activity evident since at least late 2018.

Recent Activity

Ocean Buffalo's activity in the first quarter of 2020 exhibited a focus on collection of information related to the COVID-19 pandemic. Public reporting revealed adversary activity focused on Chinese government and private sector entities using COVID-19-themed spear phishing emails. The specific targets indicated that the likely objective of this activity was intelligence collection related to the disease's spread in China as well as the processes it put in place to respond to COVID-19. In addition, in June 2020 CrowdStrike Intelligence identified Ocean Buffalo Strategic Web Compromise (SWC) activity targeting domestic Vietnamese individuals with KerrDown malware, likely as part of internal surveillance against Vietnamese journalists or dissidents.

Targeted Nations

  • Cambodia
  • China
  • Germany
  • Philippines
  • United States
  • Vietnam
