Since around the fall of 2018, we have observed OceanLotus attacks against the Southeast Asian bases of multiple automobile-related companies. Given reports that Vietnam's first domestic car manufacturer plans to start sales in August 2019, analysis suggests that the aim is to collect intellectual property and business intelligence. A characteristic of this campaign is that the attackers gain their initial foothold at bases in Southeast Asia, where governance is relatively weak, so stronger governance and security measures are needed at overseas bases. Because the attack campaign is still ongoing and poses a threat to domestic automobile-related companies, Macnica presents countermeasures against OceanLotus and indicators of its attacks.

  1. What is OceanLotus
  2. OceanLotus Southeast Asia Auto Industry Attacks and Motives
  3. Attack method and characteristics
    1. Spear phishing email
    2. Malware
    3. Post-intrusion reconnaissance and spread of infection
    4. Open Source OceanLotus Attack Indicators and Correlation
  4. Attack mitigation and detection
  5. Indicators / YARA