Tuesday, December 16, 2025

Is it the work of a Vietnamese hacker group?... Mandiant issues warning on malicious ads stealing personal information

Published: 2025-05-29 08:00:00
Updated: 2025-05-29 08:00:00

Google Cloud Mandiant's investigation report on the Vietnam-linked hacking group UNC6032 (Google Cloud homepage capture). Photo: News1

[Financial News] Google Cloud's Mandiant has named 'UNC6032', a Vietnam-linked hacking group, as the suspected operator behind malicious ads that exploit artificial intelligence (AI) tools to steal users' personal information, and is urging caution.
Mandiant's Threat Defense division announced these findings on the 28th, stating, "We have identified thousands of such ads on social media platforms like Facebook and LinkedIn, and we expect similar campaigns may be operating on other platforms as well."
The group posted malicious ads on social media that impersonated popular AI video generation tool brands such as Luma AI and Canva Dreamlab to lure clicks.
When a user clicks on the ad, they are redirected to a malicious site disguised as an AI tool; if a file is downloaded, infostealer malware and backdoors are installed instead of AI-generated content.
This allows attackers to steal users' login credentials, credit card information, and other sensitive information, and the collected data is presumed to be traded in the cyber market.
According to Mandiant's recently released M-Trends 2025 report, credential theft is one of the top initial infection vectors, posing a continuous threat to both individuals and businesses.
Meta reportedly began detecting and removing a significant portion of the malicious ads, domains, and accounts in 2024, before Mandiant alerted it to additional malicious activity.
However, because new malicious ads are created daily, Mandiant says continuous cooperation across the industry is essential to protect users more effectively.
Additionally, to prevent damage from malicious ads, users are advised to take the following precautions: being cautious when usage is possible without logging in, being careful with file downloads, checking file names, and verifying account pages.
Yash Gupta, Senior Manager of Mandiant's Threat Defense division, stated, "Threat actors are continuously evolving their tactics, techniques, and procedures (TTPs). This attack weaponizes the popularity of AI tools by combining them with malicious ads," adding, "Sophisticated websites masquerading as AI tools can be a threat to both individuals and organizations. Even if they appear harmless, special caution is needed when accessing websites connected through ads."

Reporter Joo Won-kyu (wongood@fnnews.com)