Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

6/5/2019
06:20 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Vietnam Rises as Cyberthreat

The country's rapid economic growth and other factors are driving an increase in cybercrime and cyber espionage activity.

Vietnam has rarely been associated with cybercrime activity in the same way other Asian nations, such as China, North Korea, and Iran, have in recent years. But that could change soon.

According to a new report from Intsights, cybercrime and cyber espionage activity in Vietnam is growing.

Vietnamese-language based Internet traffic and activity on the Deep and Dark Web is increasing, and so are attacks on foreign multinational organizations based in the country — particularly automotive companies and media outlets.

At least one previously known advanced persistent threat (APT) group — APT32/OceanLotus — appears to be working in support of the government's strategic interests. Over the past year or so, the threat group has ramped up attacks against Vietnamese and Cambodian media outlets viewed as hostile to the government. The threat actor has also been increasingly going after automobile manufacturers in advance of the planned launch of Vietnam's first domestically manufactured vehicles this September.

"This is an optimal time to be keeping a close eye on Vietnam, their economy, and their cyber operations — both state-sponsored and group," says Charity Wright, cyberthreat intelligence analyst at IntSights. Several factors are contributing to the increased threat activity, she says. One is the country's rapid economic growth.

Vietnam's one-party government has committed to aggressive economic growth and has been investing in domestic technology development. With the country seeking ways to gain an advantage over regional economic powerhouses like China, Japan, and South Korea, there has been an increase in cyber espionage activity targeting multinationals, IntSights said.

APT32's attacks on auto manufacturers serve as one example. Last year the group launched a worldwide malware and espionage campaign targeting major auto companies, such as Toyota. The timing of the attacks suggests the group was tasked with gathering intelligence on rivals and potentially even disrupting their operations with a view to helping VinFast, Vietnam's first domestic auto company, get off the ground faster.

Internet Censorship Law
The increased threat activity, at least partly, also appears tied to an unpopular Internet censorship law that Vietnam's government passed last year, IntSights said. The law requires social media companies, such as Facebook and Twitter, to maintain local offices in Vietnam, store local user data within the country, and hand the data over to the government upon request.

The law puts restrictions on what people can say and do on social media. The government has also established a cyber offensive unit called Force 47, comprising some 10,000 members to enforce the law. Force 47's mission is to monitor for and block access to content that the government deems as unfriendly and unsavory.

The censorship law has driven a growing number of Vietnamese users to the Dark Web, and more people have begun seeking information on cryptocurrencies and cybercrime opportunities, according to the IntSights report. Vietnamese-speaking users have increasingly begun populating well-known, multilanguage, underground forums, though sites dedicated solely to Vietnamese users continue to have relatively low membership, Wright says.

Hacker Vietnam Association (HVA), a Vietnamese hacking website, had over 14,000 members when it was shut down last year. The site offered information on a variety of topics, including hacking, carding, Tor usage, and cryptocurrencies.

Since then, other sites have taken the place of HVA, including one called Vietnam Hacker Blackhats, Wright notes. Such sites are providing a forum for Vietnamese hackers to collaborate, trade ideas, and tutor each other on a wide variety of malicious activities, including how to access dark sites, steal bank and credit card information, hack social media account, and reverse-engineer malware. Other researchers have associated at least one other APT — Poison Ivy, aka APT-C-01 — with Vietnam. But IntSights is unable to confirm that information, Wright says.

"This is a dynamic time for Vietnam because of the rise of their state-sponsored APT32 and the growth of the Vietnamese-language cyber underground," Wright says.  

The nation is fast developing new technologies and learning how to use its Force 47 offensive unit to further economic growth and the objectives of the Vietnamese Communist party, she says.

Up until now, the targets have been directly aligned with the country's economic and political interests. But Vietnam-based cybercrime activity has been observed targeting US and global banks, social media websites, and other organizations.

"We are witnessing the rise and development of a viable global cyberthreat and notable migration of young, technical population to the Deep and Dark Web," Wright says. 

Related Content:

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Why Cyber-Risk Is a C-Suite Issue
Marc Wilczek, Digital Strategist & CIO Advisor,  11/12/2019
DevSecOps: The Answer to the Cloud Security Skills Gap
Lamont Orange, Chief Information Security Officer at Netskope,  11/15/2019
Attackers' Costs Increasing as Businesses Focus on Security
Robert Lemos, Contributing Writer,  11/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19040
PUBLISHED: 2019-11-17
KairosDB through 1.2.2 has XSS in view.html because of showErrorMessage in js/graph.js, as demonstrated by view.html?q= with a '"sampling":{"value":"<script>' substring.
CVE-2019-19041
PUBLISHED: 2019-11-17
An issue was discovered in Xorux Lpar2RRD 6.11 and Stor2RRD 2.61, as distributed in Xorux 2.41. They do not correctly verify the integrity of an upgrade package before processing it. As a result, official upgrade packages can be modified to inject an arbitrary Bash script that will be executed by th...
CVE-2019-19012
PUBLISHED: 2019-11-17
An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or ...
CVE-2019-19022
PUBLISHED: 2019-11-17
iTerm2 through 3.3.6 has potentially insufficient documentation about the presence of search history in com.googlecode.iterm2.plist, which might allow remote attackers to obtain sensitive information, as demonstrated by searching for the NoSyncSearchHistory string in .plist files within public Git r...
CVE-2019-19035
PUBLISHED: 2019-11-17
jhead 3.03 is affected by: heap-based buffer over-read. The impact is: Denial of service. The component is: ReadJpegSections and process_SOFn in jpgfile.c. The attack vector is: Open a specially crafted JPEG file.