Severity
High
Analysis Summary
APT32 (also known as OceanLotus Group) is a Vietnam-based threat group that has been active since 2014. It is well known for sophisticated attacks on private companies, journalists, foreign governments, and activists, with a major focus on Southeast Asian nations such as Vietnam, the Philippines, Laos, and Cambodia. The group has used strategic web compromises to reach its victims.
APT32 uses a unique suite of fully featured malware in combination with commercially available tools to conduct targeted operations that align with Vietnamese state interests. Its malware includes irrelevant code to deceive security tools and evade detection. The actors behind this group appear to be well resourced and supported, since they operate a diverse collection of domains and IP addresses as command and control infrastructure.
Impact
- Espionage and Intellectual Theft
- Exfiltration of Data
Indicators of Compromise
MD5
- 7359c60a8ca079c00f6cbe7556224ac5
- 901c15247f858aac0ef1240b834942a7
SHA-256
- 57fff03990c4eb45b4fdcaa8df0794658cf6e11fe4fd5011400758bd8cbc5a63
- e0b176aa8d4496adef17b4a698a84872b02ed13dd0ffab6a9f040b20578c07d2
SHA-1
- d16a4d6a63c030ff88b55d4fe37d63ed547b64b7
- 41808d250be2c08eb194b4b1d3293a8712f11ad1
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
- Emails from unknown senders should always be treated with caution.
- Never open links or attachments from unknown senders.
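As an added example (not part of the advisory or any Rewterz tooling), the following Python script carries out the "search for IOCs in your environment" step: it hashes every regular file under a directory once and matches the MD5, SHA-1 and SHA-256 digests against the indicators listed above. The directory root, the chunk size and the skipping of unreadable files are assumptions of this example.

```python
"""Scan a directory tree for files whose MD5, SHA-1 or SHA-256 digest matches
the APT32 indicators listed in this advisory."""
import hashlib
import os
import sys
from pathlib import Path

# Indicators copied from the advisory above (MD5, SHA-1 and SHA-256 values).
ADVISORY_IOCS = {
    "7359c60a8ca079c00f6cbe7556224ac5",
    "901c15247f858aac0ef1240b834942a7",
    "d16a4d6a63c030ff88b55d4fe37d63ed547b64b7",
    "41808d250be2c08eb194b4b1d3293a8712f11ad1",
    "57fff03990c4eb45b4fdcaa8df0794658cf6e11fe4fd5011400758bd8cbc5a63",
    "e0b176aa8d4496adef17b4a698a84872b02ed13dd0ffab6a9f040b20578c07d2",
}


def file_digests(path, chunk_size=1 << 20):
    """Return (md5, sha1, sha256) hex digests of a file, reading it only once."""
    hashers = [hashlib.md5(), hashlib.sha1(), hashlib.sha256()]
    with open(path, "rb") as fh:
        while chunk := fh.read(chunk_size):
            for h in hashers:
                h.update(chunk)
    return tuple(h.hexdigest() for h in hashers)


def scan_tree(root, iocs=ADVISORY_IOCS):
    """Walk `root` and return [(path, matched_digest)] for every file whose
    MD5, SHA-1 or SHA-256 digest appears in `iocs` (case-insensitive)."""
    wanted = {h.lower() for h in iocs}
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath) / name
            if not path.is_file():  # skip sockets, FIFOs, dangling symlinks
                continue
            try:
                digests = file_digests(path)
            except OSError:
                continue  # assumption: unreadable files are skipped, not fatal
            for digest in digests:
                if digest in wanted:
                    hits.append((str(path), digest))
                    break
    return hits


if __name__ == "__main__":
    for hit_path, hit_digest in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"IOC match: {hit_path} ({hit_digest})")
```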