CYBERSECURITY firm FireEye says hackers in Vietnamese are responsible for cyberattacks that have been launched against foreign companies and various targets.
Basing their information on the type of information and tactics used, the cybersecurity company yesterday concluded in a report hackers with links to the Vietnamese government have been surreptitiously digging away for information and breaking into foreign companies’ frameworks over the course of many years.
According to The New York Times, this report signals one of many instances of small countries gaining notoriety and the upper hand through hacking.
— Bloomberg (@business) May 15, 2017
The report details the actions of hackers who seek to undermine corporations by launching attacks against rivals or sneaking into confidential company files for any traces of information that could be used against them. FireEye had been following a particular Vietnamese group called OceanLotus, which had placed specific foreign companies in their cross-hairs, including those involved in manufacturing, hospitality and consumer products.
Among some of the targets were a European manufacturing facility which was hacked in 2014, various Vietnamese and foreign security, technology and banking groups which became compromised in 2016, as well as a 2017 attack on a global consulting firm. Many of these firms fell prey to phishing practices and found their corporate secrets compromised by hackers.
The hackers had been at it since at least 2014, reports the California-based company. It appears as if OceanLotus mimicked strategies that had been used by the Vietnam government against local dissidents and journalists, as well as foreign governments, whose actions have stood at cross-purposes with the administration.
OceanLotus was alleged to have stolen “personnel details and other data from multiple victim organizations that would be of very little use to any party other than the Vietnamese government”, Nick Carr, a security expert at FireEye and the primary author of the report, told The New York Times.
The Vietnamese government has pushed back against these allegations, calling the report “groundless”. Foreign Ministry spokesman Le Thi Thu Hang said in an emailed statement to the NYT Vietnam “does not allow cyberattacks on organizations or individuals”.
“All cyberattacks or threats to cybersecurity must be condemned and severely punished in accordance with regulations and law.” – Le Thi Thu Hang
Vietnam is not the only country to be implicated in FireEye’s report on OceanLotus – the company also reported on attacks on companies from China, Germany, the Philippines and the US.
However, perhaps more malicious is the rising tide of digital sabotage as the future of international conflict. The links between Vietnamese hackers and the state stick deep, particularly when the conflicts emerge out of a relationship between a large and small country. OceanLotus is significant not because of the kind of attacks it has launched against foreign companies but because of its ties to Vietnam’s Communist government. Similarly, North Korea, poor and dependent on China’s benevolence, has resorted time and again to hacking to draw power and money.
FireEye Asian threat intelligence branch director Tim Wellsmore told the NYT state-backed hacking efforts is “the new way to do espionage in the 21st century” due to the low-cost, highly effective nature of cyberattacks.
Despite the fact most Southeast Asia’s digital threats come from the private sector, FireEye said OceanLotus was notable because it appeared to be state-sponsored due to the nature of the targets, as well as the tools they used. Wellsmore told NYT the tools used by groups from Asia are non-commercial and becoming increasingly sophisticated, a signal these hackers are finding support in high places.
The political implications of state-sponsored hacking are beginning to come to light, particularly as countries grapple with their own cyber vulnerability and how it could affect their finances, privacy and safety. In Vietnam, constant surveillance is an ever-present problem, particularly for journalists, activists and dissidents who are now beginning to become targets of digital operations, according to an Electronic Frontier Foundation (EFF) blog post.
“The Vietnamese government has cracked down sharply on anti-government bloggers, who represent the country’s only independent press,” wrote the EFF, detailing various malware actions against the organization itself, as well as several prominent Vietnamese figures and an Associated Press journalist.
“While it is clear that this group has been targeting members of the Vietnamese diaspora for some time, these campaigns indicate that journalists and US activists are also under attack…it appears that a single blog post is enough to make you a target for Vietnamese spying.” – EFF
Microsoft president Brad Smith lashed out against governments and military forces who are building up arsenals of digital weapons, shortly after the WannaCry ransomware virus spreads across the globe. He called for a “digital Geneva Convention”, according to the NYT, that will work to build protections against state-sponsored hackings that have plagued the US and European elections.