Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

6/5/2019
06:20 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Vietnam Rises as Cyberthreat

The country's rapid economic growth and other factors are driving an increase in cybercrime and cyber espionage activity.

Vietnam has rarely been associated with cybercrime activity in the same way other Asian nations, such as China, North Korea, and Iran, have in recent years. But that could change soon.

According to a new report from Intsights, cybercrime and cyber espionage activity in Vietnam is growing.

Vietnamese-language based Internet traffic and activity on the Deep and Dark Web is increasing, and so are attacks on foreign multinational organizations based in the country — particularly automotive companies and media outlets.

At least one previously known advanced persistent threat (APT) group — APT32/OceanLotus — appears to be working in support of the government's strategic interests. Over the past year or so, the threat group has ramped up attacks against Vietnamese and Cambodian media outlets viewed as hostile to the government. The threat actor has also been increasingly going after automobile manufacturers in advance of the planned launch of Vietnam's first domestically manufactured vehicles this September.

"This is an optimal time to be keeping a close eye on Vietnam, their economy, and their cyber operations — both state-sponsored and group," says Charity Wright, cyberthreat intelligence analyst at IntSights. Several factors are contributing to the increased threat activity, she says. One is the country's rapid economic growth.

Vietnam's one-party government has committed to aggressive economic growth and has been investing in domestic technology development. With the country seeking ways to gain an advantage over regional economic powerhouses like China, Japan, and South Korea, there has been an increase in cyber espionage activity targeting multinationals, IntSights said.

APT32's attacks on auto manufacturers serve as one example. Last year the group launched a worldwide malware and espionage campaign targeting major auto companies, such as Toyota. The timing of the attacks suggests the group was tasked with gathering intelligence on rivals and potentially even disrupting their operations with a view to helping VinFast, Vietnam's first domestic auto company, get off the ground faster.

Internet Censorship Law
The increased threat activity, at least partly, also appears tied to an unpopular Internet censorship law that Vietnam's government passed last year, IntSights said. The law requires social media companies, such as Facebook and Twitter, to maintain local offices in Vietnam, store local user data within the country, and hand the data over to the government upon request.

The law puts restrictions on what people can say and do on social media. The government has also established a cyber offensive unit called Force 47, comprising some 10,000 members to enforce the law. Force 47's mission is to monitor for and block access to content that the government deems as unfriendly and unsavory.

The censorship law has driven a growing number of Vietnamese users to the Dark Web, and more people have begun seeking information on cryptocurrencies and cybercrime opportunities, according to the IntSights report. Vietnamese-speaking users have increasingly begun populating well-known, multilanguage, underground forums, though sites dedicated solely to Vietnamese users continue to have relatively low membership, Wright says.

Hacker Vietnam Association (HVA), a Vietnamese hacking website, had over 14,000 members when it was shut down last year. The site offered information on a variety of topics, including hacking, carding, Tor usage, and cryptocurrencies.

Since then, other sites have taken the place of HVA, including one called Vietnam Hacker Blackhats, Wright notes. Such sites are providing a forum for Vietnamese hackers to collaborate, trade ideas, and tutor each other on a wide variety of malicious activities, including how to access dark sites, steal bank and credit card information, hack social media account, and reverse-engineer malware. Other researchers have associated at least one other APT — Poison Ivy, aka APT-C-01 — with Vietnam. But IntSights is unable to confirm that information, Wright says.

"This is a dynamic time for Vietnam because of the rise of their state-sponsored APT32 and the growth of the Vietnamese-language cyber underground," Wright says.  

The nation is fast developing new technologies and learning how to use its Force 47 offensive unit to further economic growth and the objectives of the Vietnamese Communist party, she says.

Up until now, the targets have been directly aligned with the country's economic and political interests. But Vietnam-based cybercrime activity has been observed targeting US and global banks, social media websites, and other organizations.

"We are witnessing the rise and development of a viable global cyberthreat and notable migration of young, technical population to the Deep and Dark Web," Wright says. 

Related Content:

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
7 Truths About BEC Scams
Ericka Chickowski, Contributing Writer,  6/13/2019
DNS Firewalls Could Prevent Billions in Losses to Cybercrime
Curtis Franklin Jr., Senior Editor at Dark Reading,  6/13/2019
Cognitive Bias Can Hamper Security Decisions
Kelly Sheridan, Staff Editor, Dark Reading,  6/10/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7472
PUBLISHED: 2019-06-15
The "Count per Day" plugin before 3.2.6 for WordPress allows XSS via the wp-admin/?page=cpd_metaboxes daytoshow parameter.
CVE-2019-12839
PUBLISHED: 2019-06-15
In OrangeHRM 4.3.1 and before, there is an input validation error within admin/listMailConfiguration (txtSendmailPath parameter) that allows authenticated attackers to achieve arbitrary command execution.
CVE-2019-12840
PUBLISHED: 2019-06-15
In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi.
CVE-2019-12835
PUBLISHED: 2019-06-15
formats/xml.cpp in Leanify 0.4.3 allows for a controlled out-of-bounds write in xml_memory_writer::write via characters that require escaping.
CVE-2019-12830
PUBLISHED: 2019-06-15
In MyBB before 1.8.21, an attacker can exploit a parsing flaw in the Private Message / Post renderer that leads to [video] BBCode persistent XSS to take over any forum account, aka a nested video MyCode issue.