Vietnam-Aligned Hackers Attack Foreign Firms, FireEye Saysby
Group uses social engineering, phishing to conduct attacks
Foreign governments, dissidents, journalists also victims
Cyber espionage attacks against foreign companies operating in Vietnam have been traced to a group of hackers “aligned with Vietnamese state interests,” according to a report from cyber-security provider FireEye.
The attacks by the group -- designated by FireEye as APT32 -- have been conducted since at least 2014, mainly targeting companies operating in the manufacturing, consumer products and hospitality sectors, FireEye said in the report released Sunday. The group has also targeted foreign governments, dissidents and journalists, it said.
“The unauthorized access could serve as a platform for law enforcement, intellectual property theft, or anti-corruption measures that could ultimately erode the competitive advantage of targeted organizations,” the report said.
“The government of Vietnam does not allow any form of cyber-attacks against organizations or individuals,” Ministry of Foreign Affairs spokeswoman Le Thi Thu Hang said in an email. “All cyber-attacks or threats to cybersecurity, must be condemned and severely punished in accordance with regulations and laws.”
The report comes as a new wave ransom threats hit more than 200,000 computers in at least 150 countries, affecting companies and government agencies from the U.S. to Europe to Asia. The malware used a technique purportedly stolen from the U.S. National Security Agency.
APT32 conducted the attacks by leveraging files that use social-engineering methods to entice victims, FireEye said. The file then downloads malicious payloads from remote servers, with further attacks delivered via “phishing” emails, it said.
The group is also targeting security, technology infrastructure and consultancy companies, FireEye said, adding that APT32 continues to threaten political activism and free speech in Southeast Asia and the public sector worldwide.
“Governments, journalists, and members of the Vietnam diaspora may continue to be targeted,” the report said.
According to the report, examples of the attacks by APT32 include:
- A European corporation compromised prior to constructing a manufacturing facility in Vietnam (2014)
- Vietnamese and foreign-owned corporations working in network security, technology infrastructure, banking, and media industries (2016)
- Malware detected on the networks of a global hospitality industry developer with plans to expand operations into Vietnam (2016)
- Two subsidiaries of U.S. and Philippine consumer products corporations, located inside Vietnam (2016-2017)
- Vietnamese offices of a global consulting firm (2017)
“While actors from China, Iran, Russia, and North Korea remain the most active cyber espionage threats tracked and responded to by FireEye, APT32 reflects a growing host of new countries that have adopted this dynamic capability,” the report said.