Israeli company uncovers cyberattack on Vietnam, neighbors by China-linked group
A ransomware attack targeting government systems in Vietnam and several neighboring countries has been discovered by an Israeli cybersecurity firm.
Check Point Research said in a report last Thursday that the cyber espionage operation has been going on under the radar for years and is connected to the Naikon Advanced Persistent Threat (APT) group, which cybersecurity firms like Kaspersky, ThreatConnect and Defense Group exposed in 2015 as having links to China.
The group's goal is to gather geo-political intelligence from government entities in Vietnam, Australia, Indonesia, Thailand, Myanmar, Brunei, and the Philippines. Its specific targets are ministries of foreign affairs and of science and technology, as well as government-owned companies.
For instance, the group disguised one of its attacks as an email sent from a government embassy in Asia Pacific to the Australian government. Inside the malicious email was a file called "The Indians Way.doc" containing the backdoor Trojan, Aria-body.
Check Point said the Trojan can "not only locate and collect specific documents from infected computers and networks in government departments, but also extract data from removable drives, take screenshots and log keys, and of course harvest the stolen data for espionage."
Vietnamese cybersecurity company VSEC said Naikon still uses the popular attack method of sending a decoy email with a malicious file. When the victim opens the email, the computer automatically installs the malware, helping hackers collect information, steal sensitive documents and attack other computers in the same system and elsewhere.
Naikon also turns victims' malware-infected devices and servers into command-and-control (C2) servers to launch new attacks targeting other government agencies.
Truong Duc Luong, a VSEC cybersecurity expert, said Naikon’s return represents new threats to cybersecurity since it has likely silently studied and developed new, sophisticated and more dangerous attacks during the last five years when it was absent.
In the past, hacker group APT30 also used malicious software to access computers "containing important political, economic and military intelligence" in Asia, mainly Vietnam, Thailand, South Korea, Malaysia, and India. The espionage campaign lasted 10 years before being discovered by security company FireEye in 2015.
The Department of Information Security said in the first four months of this year it recorded a total of 1,056 cyberattacks on Vietnam, a 51.4 percent year-on-year drop.
By Chau An & Khoa Lai – VnExpress.net – May 13, 2020