OceanLotus (APT32) — Vietnam-nexus APT; PyPI supply chain campaign

actor · actor:OceanLotus

Coverage timeline

first 2026-05-07 → last 2026-05-07

Briefs

1 distinct

Sources cited

1 hosts

Sections touched

research

Co-occurring entities

no co-occurrence

Story timeline

2026-05-07CTI Daily Brief — 2026-05-07
researchFirst coverage. PyPI supply chain campaign since July 2025; ZiChatBot delivered via fake utility packages; Zulip API used for C2; 64% algorithmic similarity to prior OceanLotus dropper. [SINGLE-SOURCE-OTHER]

Where this entity is cited

research1

Source distribution

securelist.com1 (100%)

All cited sources (1)

securelist.comprimaryinlineKaspersky Securelist, 2026-05-06https://securelist.com/oceanlotus-suspected-pypi-zichatbot-campaign/119603/
source profile · cited in 2026-05-07

Items in briefs about OceanLotus (APT32) — Vietnam-nexus APT; PyPI supply chain campaign

No parsed item heading or body matches this entity yet. Items match by exact CVE id (for CVE entities), by lead-segment substring of the title in the item heading or body, or by a distinctive anchor token from the title appearing in the item heading. Coverage that lives inside a broader section (no per-item heading) is captured by the Story timeline above.