MEDIUMSupply Chain
Global

OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt Attack

·Source: The Hacker News

Updated:

Executive Summary

The Vietnam-aligned threat actor known as OceanLotus has been attributed to two distinct campaigns that targeted domestic entities and stock investors with a backdoor known as SPECTRALVIPER. The campaigns involve a prolonged cyber espionage operation aimed at a Vietnamese infrastructure and transport construction corporation between mid-2024 and February 2026, as well as a supply chain attack

Analysis

The Vietnam-aligned threat actor known as OceanLotus has been attributed to two distinct campaigns that targeted domestic entities and stock investors with a backdoor known as SPECTRALVIPER. The campaigns involve a prolonged cyber espionage operation aimed at a Vietnamese infrastructure and transport construction corporation between mid-2024 and February 2026, as well as a supply chain attack
Source Attribution

Originally published by The Hacker News on Jun 11, 2026.

Related Threats

MEDIUMSupply Chain

Atomic Arch npm Campaign Adds Malicious Dependency

<div class="hs-featured-image-wrapper"> <a href="https://www.sonatype.com/blog/atomic-arch-npm-campaign-adds-malicious-dependency" title="" class="hs-featured-image-link"> <img src="https://www.sonatype.com/hubfs/RapidResponse_Templates_Malware%20%284%29.png" alt="Atomic Arch" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"> </a> </div> <p>

Sonatype (Maven/npm)
MEDIUMSupply Chain

ThreatsDay Bulletin: Worm Code Leaked, AI Agent Phished, Claude Code Patch + 28 New Stories

It's been one of those weeks. You expect the usual noise: recycled malware, sloppy attacks, another easy target getting hit. Instead, there's a supply chain attack kit in a public repo, a $5,000-a-month RAT that clones browsers, and research showing AI agents can be tricked into leaking real credentials. The bigger problem is how polished this all looks now. Mule networks run like SaaS.

The Hacker News
MEDIUMSupply Chain

ThreatsDay Bulletin: Worm Code Leaked, AI Agent Phished, Claude Action Patch + 28 New Stories

It's been one of those weeks. You expect the usual noise: recycled malware, sloppy attacks, another easy target getting hit. Instead, there's a supply chain attack kit in a public repo, a $5,000-a-month RAT that clones browsers, and research showing AI agents can be tricked into leaking real credentials. The bigger problem is how polished this all looks now. Mule networks run like SaaS.

The Hacker News