(Bloomberg) — Vietnamese hackers began targeting Chinese government officials at the heart of the coronavirus outbreak in the early days of 2020, when the threat of pandemic had barely registered elsewhere in the world, according to findings by cybersecurity firm FireEye Inc.
The attacks were going on as early as January 6 and continued through April, said Ben Read, a senior manager for cyber-espionage in the firm’s threat intelligence unit. The campaign of spearphishing and malware fit a pattern the firm ascribed to APT32, a group of hackers working for the Vietnamese government, and the group’s targets were the government of Wuhan and the national ministry of emergency management, he said.
“This group is what Vietnam has for cyber-espionage. It doesn’t have four or five times that — this is their group,” he said. “So if this is what they’re doing at this time, it’s a priority for them.”
The Vietnamese foreign ministry called the report “baseless.”
“Vietnam prohibits cyber-attacks against organizations and individuals in any form,” deputy spokesperson Ngo Toan Thang said in a statement online.
China’s foreign ministry didn’t respond to requests for comment.
In recent months, criminal hackers and those operating on behalf of nation states have used the global pandemic to retool hacking campaigns and deluge the internet with cyber-attacks. The World Health Organization, government health agencies and hospitals have all reported a surge in attempted hacks.
Chinese government officials and diplomatic missions around the world have come under repeated attack online from hackers trying to gain access to pandemic information, cybersecurity experts have said. The Vietnamese, as wary neighbors, would have been among them, Read said.
“I think it would make a lot of sense for Vietnam to be very concerned about these things,” he said. “Any neighbor of China needs to be worried about what’s going on in China.”
Vietnam was one of the earliest places the coronavirus began to spread outside of China. By the end of January, the Southeast Asian nation reported one of the first cases of human to human transmissions, leading its national carrier to suspend all flights to China and close its borders its northern neighbor. By the end of February, an entire village of 10,000 people was locked down to prevent the virus from spreading.
Since then, Vietnam has waged one of the more successful campaigns against the virus, with no reported deaths and fewer than 300 confirmed cases. It’s now considering lifting many of its social restrictions.
FireEye said the campaign was targeted toward a small number of people who were sent emails containing a tracking pixel that allowed the hackers to see if they were opened. The cyber firm said it tracked the group through malware called MetalJack that it says is associated only with APT32.
FireEye’s researchers don’t know if the Vietnamese hackers were successful, Read said.
China and Vietnam have had a long and contentious relationship, and online attacks have only fueled that wariness, experts say.
In July 2016, Chinese groups claimed responsibility for hacking Vietnam’s airports and displaying propaganda critical of Vietnam’s claims to the disputed South China Sea, as well as leaking Vietnam Airlines’ database of frequent flyers.
Those incidents “incensed” Vietnam, and led to a natural evolution of Vietnam learning to defend itself online, said Carl Thayer, emeritus professor at the University of New South Wales in Australia.
Vietnam established its own cyber command in 2017 as a “combat component of the Vietnam People’s Army” and counts cyberwarfare among its responsibilities.
“It cuts its teeth on denial-of-service attacks on Vietnamese dissidents and then onto industrial espionage, trying to get intellectual property from foreign companies,” Thayer said. The Vietnamese have gradually become more sophisticated, joining a group of countries that are growing their cyber capabilities but aren’t yet in the same league as China, Russia, Iran and the U.S.
Anti-Chinese sentiment among the Vietnamese population is “toxic,” Thayer said, particularly after a Vietnamese fishing boat sunk in the South China Sea earlier this month after it was rammed by a Chinese vessel.
“It’s always implied that there’s no trust,” he said. Since China is Vietnam’s “largest intelligence collection target,” it wasn’t a surprise that Vietnam acted as quickly as it did on the virus, Thayer said.
For more articles like this, please visit us at bloomberg.com
Subscribe now to stay ahead with the most trusted business news source.
©2020 Bloomberg L.P.