Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

6/5/2019
06:20 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Vietnam Rises as Cyberthreat

The country's rapid economic growth and other factors are driving an increase in cybercrime and cyber espionage activity.

Vietnam has rarely been associated with cybercrime activity in the same way other Asian nations, such as China, North Korea, and Iran, have in recent years. But that could change soon.

According to a new report from Intsights, cybercrime and cyber espionage activity in Vietnam is growing.

Vietnamese-language based Internet traffic and activity on the Deep and Dark Web is increasing, and so are attacks on foreign multinational organizations based in the country — particularly automotive companies and media outlets.

At least one previously known advanced persistent threat (APT) group — APT32/OceanLotus — appears to be working in support of the government's strategic interests. Over the past year or so, the threat group has ramped up attacks against Vietnamese and Cambodian media outlets viewed as hostile to the government. The threat actor has also been increasingly going after automobile manufacturers in advance of the planned launch of Vietnam's first domestically manufactured vehicles this September.

"This is an optimal time to be keeping a close eye on Vietnam, their economy, and their cyber operations — both state-sponsored and group," says Charity Wright, cyberthreat intelligence analyst at IntSights. Several factors are contributing to the increased threat activity, she says. One is the country's rapid economic growth.

Vietnam's one-party government has committed to aggressive economic growth and has been investing in domestic technology development. With the country seeking ways to gain an advantage over regional economic powerhouses like China, Japan, and South Korea, there has been an increase in cyber espionage activity targeting multinationals, IntSights said.

APT32's attacks on auto manufacturers serve as one example. Last year the group launched a worldwide malware and espionage campaign targeting major auto companies, such as Toyota. The timing of the attacks suggests the group was tasked with gathering intelligence on rivals and potentially even disrupting their operations with a view to helping VinFast, Vietnam's first domestic auto company, get off the ground faster.

Internet Censorship Law
The increased threat activity, at least partly, also appears tied to an unpopular Internet censorship law that Vietnam's government passed last year, IntSights said. The law requires social media companies, such as Facebook and Twitter, to maintain local offices in Vietnam, store local user data within the country, and hand the data over to the government upon request.

The law puts restrictions on what people can say and do on social media. The government has also established a cyber offensive unit called Force 47, comprising some 10,000 members to enforce the law. Force 47's mission is to monitor for and block access to content that the government deems as unfriendly and unsavory.

The censorship law has driven a growing number of Vietnamese users to the Dark Web, and more people have begun seeking information on cryptocurrencies and cybercrime opportunities, according to the IntSights report. Vietnamese-speaking users have increasingly begun populating well-known, multilanguage, underground forums, though sites dedicated solely to Vietnamese users continue to have relatively low membership, Wright says.

Hacker Vietnam Association (HVA), a Vietnamese hacking website, had over 14,000 members when it was shut down last year. The site offered information on a variety of topics, including hacking, carding, Tor usage, and cryptocurrencies.

Since then, other sites have taken the place of HVA, including one called Vietnam Hacker Blackhats, Wright notes. Such sites are providing a forum for Vietnamese hackers to collaborate, trade ideas, and tutor each other on a wide variety of malicious activities, including how to access dark sites, steal bank and credit card information, hack social media account, and reverse-engineer malware. Other researchers have associated at least one other APT — Poison Ivy, aka APT-C-01 — with Vietnam. But IntSights is unable to confirm that information, Wright says.

"This is a dynamic time for Vietnam because of the rise of their state-sponsored APT32 and the growth of the Vietnamese-language cyber underground," Wright says.  

The nation is fast developing new technologies and learning how to use its Force 47 offensive unit to further economic growth and the objectives of the Vietnamese Communist party, she says.

Up until now, the targets have been directly aligned with the country's economic and political interests. But Vietnam-based cybercrime activity has been observed targeting US and global banks, social media websites, and other organizations.

"We are witnessing the rise and development of a viable global cyberthreat and notable migration of young, technical population to the Deep and Dark Web," Wright says. 

Related Content:

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
US Formally Attributes SolarWinds Attack to Russian Intelligence Agency
Jai Vijayan, Contributing Writer,  4/15/2021
News
Dependency Problems Increase for Open Source Components
Robert Lemos, Contributing Writer,  4/14/2021
News
FBI Operation Remotely Removes Web Shells From Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/14/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-3035
PUBLISHED: 2021-04-20
An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when processing a malicious terraform file. This issue impacts Checkov 2.0 versions earlier than Checkov 2.0.26. Checkov 1.0 versions are not impacted.
CVE-2021-3036
PUBLISHED: 2021-04-20
An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where secrets in PAN-OS XML API requests are logged in cleartext to the web server logs when the API is used incorrectly. This vulnerability applies only to PAN-OS appliances that are configured to us...
CVE-2021-3037
PUBLISHED: 2021-04-20
An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where the connection details for a scheduled configuration export are logged in system logs. Logged information includes the cleartext username, password, and IP address used to export the PAN-OS conf...
CVE-2021-3038
PUBLISHED: 2021-04-20
A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect app on Windows systems allows a limited Windows user to send specifically-crafted input to the GlobalProtect app that results in a Windows blue screen of death (BSOD) error. This issue impacts: GlobalProtect app 5.1 versions...
CVE-2021-3506
PUBLISHED: 2021-04-19
An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in versions before 5.12.0-rc4. A bounds check failure allows a local attacker to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The hi...