OceanLotus SPECTRALVIPER campaigns targeting Vietnam
Campaign
Summary
Hide ▲
Show ▼
OceanLotus expanded its Vietnam-focused espionage operations with two attributed campaigns using SPECTRALVIPER, broadening risk to a Vietnamese infrastructure and transport construction corporation and a small subset of stock investors. The activity combines a long-running intrusion set with a FireAnt Metakit supply-chain attack, showing selective delivery through trusted software and a stronger focus on domestic targets.
Related Happenings
SPECTRALVIPER DLL sideloading backdoor activity
Malware Activity
H score31
First: 11.06.2026 12:45
Last: 11.06.2026 12:45
Sources 1
How related:
The payload is a DLL side-loading chain that employs a legitimate binary to launch a rogue DLL ("DtlCrashCatch.dll"), which then injects itself into the OneDrive.Sync.Service.exe process to trigger the execution of SPECTRALVIPER.
About this happening:
The **SPECTRALVIPER** backdoor was executed on affected **Windows** hosts through a **DLL sideloading** chain during **October 2025 to March 2026**, giving operators a way to run...
SPECTRALVIPER DLL sideloading backdoor activity
Malware ActivityHow related: The payload is a DLL side-loading chain that employs a legitimate binary to launch a rogue DLL ("DtlCrashCatch.dll"), which then injects itself into the OneDrive.Sync.Service.exe process to trigger the execution of SPECTRALVIPER.
About this happening: The **SPECTRALVIPER** backdoor was executed on affected **Windows** hosts through a **DLL sideloading** chain during **October 2025 to March 2026**, giving operators a way to run...
FamousSparrow Middle East maritime and energy targeting campaign
Campaign
H score33
First: 29.05.2026 12:00
Last: 29.05.2026 12:00
Sources 1
About this happening:
China-aligned **FamousSparrow** escalated a **maritime and energy** espionage campaign across the **Middle East**, putting regional shipping and infrastructure intelligence at gre...
FamousSparrow Middle East maritime and energy targeting campaign
CampaignAbout this happening: China-aligned **FamousSparrow** escalated a **maritime and energy** espionage campaign across the **Middle East**, putting regional shipping and infrastructure intelligence at gre...
Webworm multi-country targeting campaign against government and enterprise victims
Campaign
H score38
First: 20.05.2026 15:51
Last: 20.05.2026 15:51
Sources 1
About this happening:
**Webworm** is running a **multi-country targeting campaign** against **government agencies and enterprises**, expanding the risk of persistent access across several regions. The...
Webworm multi-country targeting campaign against government and enterprise victims
CampaignAbout this happening: **Webworm** is running a **multi-country targeting campaign** against **government agencies and enterprises**, expanding the risk of persistent access across several regions. The...
UAT-8302 government-targeting campaign across South America and southeastern Europe
Campaign
H score33
First: 05.05.2026 17:19
Last: 05.05.2026 17:19
Sources 1
About this happening:
The **UAT-8302** campaign has been tied to attacks on **government entities** in **South America** and **southeastern Europe**, showing a multi-region operation with post-exploita...
UAT-8302 government-targeting campaign across South America and southeastern Europe
CampaignAbout this happening: The **UAT-8302** campaign has been tied to attacks on **government entities** in **South America** and **southeastern Europe**, showing a multi-region operation with post-exploita...
APT28 long-term espionage campaign targeting Ukrainian military personnel
Campaign
H score40
First: 10.03.2026 12:55
Last: 10.03.2026 12:55
Sources 1
About this happening:
A **sustained APT28 espionage campaign** is using **BEARDSHELL** and **COVENANT** to surveil **Ukrainian military personnel**, extending access through **cloud-based C2** and incr...
APT28 long-term espionage campaign targeting Ukrainian military personnel
CampaignAbout this happening: A **sustained APT28 espionage campaign** is using **BEARDSHELL** and **COVENANT** to surveil **Ukrainian military personnel**, extending access through **cloud-based C2** and incr...
Timeline
-
11.06.2026 12:45 2 articles · 8h ago
OceanLotus SPECTRALVIPER campaigns targeting Vietnam
Initial DisclosureThe earliest documented phase was a **prolonged espionage intrusion** against a **Vietnamese infrastructure and transport construction corporation** that began around **November 2024** and persisted through **February 2026**. That access later intersected with the same **SPECTRALVIPER** tooling used in a separate **supply-chain attack** against stock investors.
Show sources
- OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt Attack — thehackernews.com — 11.06.2026 12:45
- OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt Attack — thehackernews.com — 11.06.2026 12:45