APT32 (OceanLotus) exploited suspected Microsoft SQL Server vulnerabilities as the initial access vector in a campaign against a Vietnamese transport construction firm, maintaining undetected access for over one year. Post-exploitation involved process injection into OneDrive.Sync.Service.exe and DLL side-loading to evade detection. No CVE has been assigned to the specific SQL Server flaw; Microsoft is implicated as an affected technology platform in an attributed nation-state espionage campaign.