ASEAN Trade Repository

The organisation is known as the ASEAN Trade Repository, also abbreviated as ATR.
Its headquarters is located in Viet Nam.
As indicated by its name, it functions as a repository for ASEAN trade‑related information.

In May 2017, specifically on 2017-05-31, the ASEAN Trade Repository became the target of a sophisticated cyberespionage campaign.
The campaign was attributed to the Vietnam‑based threat group OceanLotus, also tracked as APT32.
The attackers not only focused on the repository but also on associated entities spanning government, military, human rights, media, and civil society organizations across the region.
To facilitate the intrusion, the threat actors compromised over 100 websites, using them as platforms for mass digital surveillance.
They strategically altered the content of these sites to socially engineer visitors into either installing malware or divulging their email credentials.
Custom Google Applications were deployed to hijack Gmail accounts, enabling the harvest of contacts and private communications.
A whitelist approach was employed to concentrate efforts on predetermined high‑value targets, reducing noise and increasing efficiency.
The operational infrastructure relied on a distributed network of domains that impersonated legitimate services such as Google and Facebook.
These fraudulent domains were secured with Let's Encrypt certificates, lending them an appearance of trustworthiness.
Exclusive backdoors, including instances of the Cobalt Strike framework, were installed to maintain persistent access.
The overall operation enabled extensive information theft and the creation of detailed profiles of individuals and entities linked to multiple ASEAN summits.