Hackers Likely Associated With Vietnamese Government Are Attacking Foreign Economic Competitors and Governments Alike
Threat intelligence firm IntSights has issued a threat brief on the growing offensive cyber capabilities of Vietnam. The reasoning is a combination of state-affiliated -- or at least state-aligned -- advanced groups APT32 (OceanLotus) and APT-C-01 (Poison Ivy), and local cyber legislation that is promoting the development of cyber subterfuge among Vietnamese young.
The threat brief is authored by Charity Wright, a cyber threat intelligence analyst and former NSA offensive Asia Analyst. The existing threat is primarily a response to economic issues; but increasing cyber capabilities will come as a response to internal political issues.
The latter effect is focused on Vietnam's control over the internet and its use. A new cybersecurity law which came into effect at the beginning of 2019 requires companies like Google and Facebook to open offices in Vietnam, store local user data in Vietnam, and hand over personal information to government on demand. The law also allows censorship and created a 10,000 strong Force 47," to combat," says the analyst, "proliferation of views it deems offensive or toxic."
The result, however, is a migration of youngsters to the dark web. "As Vietnamese authorities attempt to strengthen their grip via censorship," she continues, "they drive more and more Vietnamese citizens to the dark web for access to unfiltered content." In these dark web forums, cyber capable youngsters are likely to learn the skills of cyber criminality.
"While Vietnam may not have the resources to combat world superpowers - like China or the U.S. - in traditional warfare or economic stature, cyber is leveling the playing field," comments Wright. "Vietnam has the potential to develop into a cybercriminal outpost, as its government continues to censor the public and push its youthful middle class toward the fringes with its strict internet legislation."
The two primary advanced hacking groups are either state-sponsored or closely align themselves with government policy. That policy is rapid economic expansion. The country's "one-party government," says the brief, "has committed to an aggressive economic growth strategy, searching for advantages it can gain over the more established regional economic powerhouses - China, Japan, South Korea, and neighboring Southeast Asian countries like Singapore."
Noticeably, OceanLotus (which has been compared to Russian hacking groups in its degree of sophistication) has been targeting foreign governments, businesses, and dissidents for financial gain and to equip the government with economic intelligence on its rivals. In recent months it has targeted the automotive industry, which the analyst believes is directly connected to the imminent launch of Vietnam's first domestic auto company planned for September 2019.
The Poison Ivy group, so named for its use of the Poison Ivy RAT, has been operating cyber espionage campaigns against Chinese intelligence agencies, military operations, academic institutions, and scientific research labs since at least 2007. (Poison Ivy is also used by one of China's own leading hacking groups, APT10.)
The future threat from Vietnam is likely to come on two-fronts -- basic cyber criminality caused by internal political policy pushing citizens onto the dark web criminal training ground, and increasing state activity supporting Vietnamese economic policies. The economic drive is similar to China, writ small.
"There are clear parallels between the two nations' strategies." Charity Wright told SecurityWeek. "Economic growth creates power. Cyber espionage fuels economic advantages. We can definitely expect to see Vietnamese targets change to align with changing economic priorities." But it is also likely to increase. Political policy will increase the number of cyber criminals in Vietnam -- and national governments have a tendency to recruit from their 'best' cybercriminals. The threat from Vietnam is likely to grow.
Related: Vietnam Accuses Facebook of Breaching New Cyber Law
Related: Vietnam-Linked Hackers Use Atypical Executables to Avoid Detection
Related: APT32: Vietnamese Hackers Target Foreign Corporations
Related: "OceanLotus" Spies Use New Backdoor in Recent Attacks