An investigation by Amnesty International has identified a campaign of spyware attacks targeting Vietnamese human rights defenders (HRDs) from February 2018 to November 2020. The organisation attributes the campaign to an attack group known as Ocean Lotus, which has targeted the private sector and HRDs since at least 2014.

The spyware identified by Amnesty International targeted both Mac OS and Windows operating systems. Against Windows systems the attackers used Cobalt Strike, a commercial software developed by the American company Strategic Cyber, owned by HelpSystems. Cobalt Strike is used to lawfully audit the security of organizations through simulated attacks, but unlicensed versions have been used by attack groups for malicious purposes, with increasing frequency over the past three years according to Amnesty International.

We invited Cobalt Strike to respond to the investigation showing its technology has been used by Ocean Lotus to target Vietnamese human rights defenders; response provided.