A hacker group “aligned with Vietnamese government interests” carried out attacks on corporate companies, journalists and overseas governments over the past three years, according to a report from cyber security firm FireEye.
FireEye, which works with large companies to secure their assets from cyber threats, said it has tracked at least 10 separate attacks from the group — referred to as OceanLotus, or APT32 — since 2014. Targets included members of the media, and private and public sector organizations from across Germany, China, the U.S., the Philippines, the UK and Vietnam itself, according to the report.
The group used sophisticated tactics to deliver malware that, when enabled, could give remote access to devices and files on a host machine, potentially opening up troves of private information to outsiders.
In one incident, an undisclosed European corporation was “compromised” before developing a manufacturing facility in Vietnam, FireEye said. Other attacks were made against overseas-based Vietnamese journalists, companies with plans to expand into Vietnam and Vietnam-based offices of consulting companies with global clientele.
FireEye claimed the hacker group is behind previously publicized attacks on government agencies and private companies in China — documented by Qihoo360 — and media and dissidents in Vietnam, as noted by the EFF.
FireEye’s Nick Carr, who authored the report, admitted that there is no direct linkage between the group and the Vietnamese government, but he argued that analysis of the targets and the nature of the attacks makes a connection clear.
“APT32 accessed personnel details and other data from multiple victim organizations that would be of very little use to any party other than the Vietnamese government,” Carr said in a statement to TechCrunch. “Additionally, the timing of APT32’s intrusions appears to correspond with many of its victims’ engagements with the Vietnamese government on regulatory matters.”
The Vietnamese government denied the claims.
“The government of Vietnam does not allow any form of cyber-attacks against organizations or individuals. All cyber-attacks or threats to cybersecurity must be condemned and severely punished in accordance with regulations and laws,” a spokesperson told Reuters.
Beyond targeting media that may be viewed as a threat to its single-party political system — which has jailed bloggers and heavily regulates media — Carr said that Vietnam’s adoption of cyber attacks is symptomatic of a wider trend among smaller nations who seek an edge against other governments, or to aid national businesses that battle international rivals.
“The unauthorized access [from attacks] could serve as a platform for law enforcement, intellectual property theft, or anticorruption measures that could ultimately erode the competitive advantage of targeted organizations,” Carr wrote.
“While actors from China, Iran, Russia, and North Korea remain the most active cyber espionage threats tracked and responded to by FireEye, APT32 reflects a growing host of new countries that have adopted this dynamic capability,” he added.
It’s been a hectic few days for the information security industry. But FireEye’s report and its findings are not related to the recent wave of global cyber attacks known as WannaCry, which began with a wave of malware outbreaks late last week.
Those attacks, which appear to have been triggered by a group called Shadow Brokers leaking details of NSA hacking tools, are believed to have affected close to 100 countries already, including the UK’s National Health Service. Experts are bracing themselves for a second round as the new business week begins across the world.