Vietnamese hackers try to attack the Chinese network to steal data

Reuters on Wednesday reported that the APT32 hacker group supporting the Vietnamese government have sought to break into personal and the working emails of staffs from China’s Ministry of Emergency Management and the Wuhan City government to get information about coronavirus.

Citing information from FireEye, a US company specializing in cybersecurity, Reuters said investigators at FireEye and other cybersecurity companies confirmed they believed the APT32 team served the Vietnamese government.

The group’s recent activities show a government-backed hacker model targeting government agencies, businesses, and health agencies in search of the new disease information and efforts to deal with it.

On its official blog, FireEye stated that the APT32 group related to the Vietnamese government had targeted the Chinese government to get information related to Covid-19.

The attacks show that virus information is a priority for espionage – everyone is targeting it, and APT32 is what Vietnam has,” Ben Read, department senior manager FireEye’s Mandiant spy risk analysis, commented with Reuters.

Reuters said the Vietnamese government did not respond to a request for comment. The email sent to the email address used by the hacker was also unresponsive. Similarly, the Department of Cyber ​​Security, the Ministry of Emergency Management, Wuhan City Government has not commented on the issue.

BBC News Vietnamese is also unable to verify this news.

According to Reuters, Vietnam has responded very quickly to the news of a new strain of coronavirus, closed its border with China and implemented strict measures to track and quarantine it to control the number of people infected below 300.

Adam Segal, a cybersecurity expert at Council on Foreign Relations in New York, told Reuters that hacking activities showed that Hanoi was promoting cyber activity. The latest attacks discovered by FireEye were one week ahead of the world’s first known case, he said.

It is not known if the attacks on China were successful, but the attacks showed that hackers including cybercriminals and government-backed spies organized their activities during the coronavirus outbreak, John Hultquist, senior director of Mandiant analysis, told Reuters.

How do Vietnamese hackers work?

According to FireEye, APT32 targets a small group of people by sending email links that can notify a hacker once the recipient opens it. The hacker then sends an email with a malicious attachment that contains a virus called METALJACK that allows them to break into the victim’s computer.

According to FireEye, APT32 utilizes a full-featured malware suite, combined with tools available in the market, to implement goals that are in line with the interests of the Vietnamese state.

An internet security specialist sketches a diagram depicting the process of creating traps and attacks by APT32 Hacker group, also known as OceanLotus Group, has been operating since at least 2013, according to experts, this is a state-sponsored hacker group, according to FireEye

John Hultquist, FireEye’s director of intelligence analysis, said the tactics used by APT32 include the same domain names that were registered with car companies – then launched a phishing attack into a prestigious unit/individual to win the trust of users. They then steal the victim’s information to access the intranet.

Bloomberg quoted Marc-Étienne Léveillé, an expert at ESET-based Slovakia-based ESET company. In the attack, APT32 hackers sent messages via Facebook containing malware that was displayed as an album. image. When the victim dragged the image, one of the photos actually installed malware on the computer.

This is exactly what we predicted. A crisis occurred and information became scarce, from which espionage activities were deployed,” he said.

Who is the hacker group?

Answering on Bloomberg, Nick Carr, the director of cybersecurity company FireEye Inc, said they have been tracking APT32 – also known as Ocean Lotus and Ocean Buffalo – since 2012. In 2017, his team managed to investigated a series of cyber attacks in the US, Germany and many countries in Asia and found that the APT32 team spent at least three years attacking foreign governments, journalists, dissidents and Foreign delegations have interests in manufacturing, consumer goods and hotels in Vietnam.

Marc-Étienne Léveillé said that APT32 has used this malware in recent attacks on government agencies and trade organizations in East Asia. The target was also political activists and dissidents in Vietnam, according to Bloomberg.

According to Bloomberg, cybersecurity experts said that a group of Vietnamese hackers is learning Chinese play styles, using increasingly complex cyber attacks to steal rival information and help Vietnam catch up global rivals.

This is a story of a miniature China,” said Adam Meyers, CrowdStrike’s vice president of intelligence.

Vietnam denied accusations of assisting hackers to attack China

Photo: FireEye’s Tweet line says that they believe the APT32 hacker group is backed by the Vietnamese government, has targeted the Chinese government to get information related to Covid-19

Vietnam’s Ministry of Foreign Affairs denied that the government helped the APT32 group to steal information about  pandemic in China’s Wuhan.

These are unwarranted information. Vietnam prohibits cyber attacks against organizations and individuals in any form,” said Ngo Toan Thang, deputy spokesman of Vietnam’s Ministry of Foreign Affairs in the regular online press conference on the afternoon of April 23.

Mr. Thang voiced about the information from the US-based security firm FireEye that the Vietnamese government supports the APT32 hacker group to attack the network on government agencies and businesses around the world, including China.

Cyber ​​attacks and threats need to be severely condemned and punished in accordance with the law,” the deputy spokesman said.

According to Mr. Thang, in 2018, the Vietnamese National Assembly passed the Cyber security law. Vietnam is completing legal documents to enforce laws to prevent network attacks.

Vietnam is ready to cooperate with the international community in combating and preventing cyber-attacks in any form,” Thang said.

A Facebooker who is an entrepreneur and an author who wrote the BBC said that this could be a trap set by China to pretend to cause trouble with Vietnam amidst the tense situation in the East Sea (South China Sea).

Fire Eye also implies that a lot of groups are also attacking the P4 research institute, but why are they only naming Vietnam now, while the South China Sea situation is hot?” Facebooker Ngo Truong Anh Vu raised the question, not with Reuteurs, but with the source as cybersecurity firm FireEye.

It should be known that the Truong Sa (Spratlys) have more than 100 entities, large and small, of which Vietnam manages 21 entities, China manages 7 and Malaysia, the Philippines and Indonesia (northeast of the Natuna Islands) share the rest. In the current tense situation in the Spratlys, China brought the aircraft carrier Liaoning close, and the US brought destroyers to ensure freedom of navigation.

Of the four countries of Malaysia, Indonesia, Vietnam and the Philippines, the US will prioritize the protection of the remaining three countries except Vietnam. Vietnam is isolated and does not have an alliance with the US but only a partner. Whereas Malaysia and Indonesia are allies of the US and the Philippines, the intimacy from culture to culture, the three countries Malaysia, Indonesia and the Philippines are important triads in the global strategy to eradicate terrorist group Abu Sayyaf. Malaysia and Indonesia are also very tough on the issue of sovereignty over the islands due to the Americans supporting them.

Briefly stated to see that Vietnam is the most vulnerable country and the most likely target to be attacked by China in the Spratlys. The US only speaks up about freedom of navigation, not necessarily protecting Vietnam and they will not protect Vietnam without an allied treaty.

Why is the nose pointing at Vietnam now? ” Ngo Truong Anh Vu, a writer, put his views on his personal Facebook.

Nearly 25,000 email addresses and passwords of the Bill Gates Foundation and WHO have just been disseminated on Internet?

The organizations believed to have just leaked information include the US National Institutes of Health, the World Health Organization WHO, the World Bank, the Wuhan Institute of Virology and the Bill & Melinda Gates Foundation.

A list of nearly 25,000 email addresses and passwords believed to belong to a variety of organizations such as NIH, WHO and the Bill & Melinda Gates Foundation have just been publicized on Internet. This is information that SITE Intelligence Group, a non-governmental organization that monitors online extremist and terrorist groups, announced today, April 22, according to the Washington Post.

Currently, SITE has not been able to verify whether the number of email addresses and email passwords distributed belong to NIH, WHO and the Gates & Melinda Foundation. According to SITE, the above information has been leaked since April 19.

Information about the email address and password (allegedly) of the Gates & Melinda Foundation of Bill Gates has also been released.

Reportedly, the list of 25,000 email addresses and password of unclear origin has been posted for the first time on 4chan – a famous online forum with extremist and hateful political comments. This information was later spread through Twitter and some Telegram channels of extremely right objects.

New fascists and superior whiteists took advantage of this list and distributed it to their forums. The right-hand elements took advantage of this data to call upon call a campaign of harassment, while constantly sharing conspiracy theories about the Covid-19. This is part of the far-right activities of the far-right faction to weaponize the Covid-19 pandemic, said Rita Katz – CEO of SITE s.

The SITE report shows that the National Institutes of Health (NIH) has about 9,938 email addresses and passwords that have been leaked online.

Immediately behind NIH is the US Centers for Disease Control and Prevention (CDC), with 6,857 information leaked. The numbers for the World Bank and WHO are 5,120 and 2,732, respectively. In particular, the email address and password information that are believed to belong to the Wuhan Institute of Virology and the Gates & Melinda Foundation of Gates were released, according to SITE.

Robert Potter, executive director of Internet security firm 2.0 (Australia), confirmed that the leaked WHO email addresses and passwords were real. He used email addresses and passwords spread over the Internet to successfully access the WHO computer system.

The way they set up email passwords is worrisome. 48 people even used passwords as ‘passwords.’ Some others use passwords as their own names,” Potter said.

According to Mr. Potter, the list of email addresses and passwords mentioned above may have been bought by some people from hackers operating on the Dark Web, which is often known as the ‘dark area‘ of the Internet, a collection of websites that cannot be accessed or found through search engines like Google or Bing. The information, including the WHO email address and password, may have been stolen by hackers in a cyber attack in 2016.

In a press release released on April 22, the Bill & Melinda Gates Foundation said it was following the case, saying it had not detected any evidence that the organization’s data was leaked. Meanwhile, the US CDC, WHO and the WB declined to comment.

Vietnamese hackers have caused illegal hacks in 2019, attacking big companies like the German carmaker BMW, which are thought to steal automotive engineering data.

At that time, “red capitalist” Pham Nhat Vuong, also poured money and the political patronage of the notorious dictatorial regime regime officials in Hanoi, Nguyen Phu Trong and Nguyen Xuan Phuc to build an automobile factory in Vietnam. This technology theft is the most brutal form of the dark tricks to do business, but it quickly gains profits, which the evil coalitions in Vietnam are often used.

Hoang Trung from Hanoi – Thoibao.de (Translated)