OceanLotus: Extending Cyber Espionage Operations Through Fake Websites
ID: f896034b-589a-52f6-9138-d517deadcf72
STIX ID: report--f896034b-589a-52f6-9138-d517deadcf72
Feed Name: Volexity Blog
Volexity reports that the OceanLotus APT has created and operated numerous convincing fake news websites and Facebook pages to profile visitors, spear-phish targets, and deliver platform-specific malware—including a malicious DLL that loads a Cobalt Strike Beacon—using social-engineered fake video/Flash prompts and cloud-hosted payloads; the report provides technical details, decoded C2 configuration, and a comprehensive set of IOCs for detection and mitigation.
