Oceanlotus APT

Type: Nation-State-Sponsored

OceanLotus APT Status: Inactive

Other Names: APT32

Active Since/Discovered: 2012/ 2015

Last Report: June 3, 2015


    • 92% of targets are in mainland China and Beijing

Target Sectors:

  • maritime institutions, shipping enterprises, Chinese government departments, and research institutes


Preferred Attack Vector: Phishing emails and watering hole attacks


    • Stolen documents had little commercial value
    • Group is persistent and highly organized
    • China believes OceanLotus may be U.S. based
      • Could be based out of any country fighting with China over the South China Sea
      • Could also be a self-targeted campaign (false-flag) meant to dissuade allegations that China is a major cyber-threat sponsor (via “look we were hacked too”)
Privacy Settings
We use cookies to enhance your experience while using our website. If you are using our Services via a browser you can restrict, block or remove cookies through your web browser settings. We also use content and scripts from third parties that may use tracking technologies. You can selectively provide your consent below to allow such third party embeds. For complete information about the cookies we use, data we collect and how we process them, please check our Privacy Policy
Consent to display content from Youtube
Consent to display content from Vimeo
Google Maps
Consent to display content from Google