Hackers have been carrying out cyberattacks on multinational companies operating in Vietnam for several years now, seeking types of information that suggest a possible connection to the Vietnamese government, according to a Monday report.
In the report, American cybersecurity company FireEye said the same group — labeled APT32 — had also targeted foreign governments, dissidents and journalists through malware and other commercially-available tools.
APT refers to advanced persistent threat — one that involves a continuous hacking process using sophisticated techniques that exploit vulnerabilities within a network.
Nick Carr, a senior manager at FireEye’s Mandiant team that responds to threats and incidents, told CNBC what set APT32 apart from other groups was the kind of information the hackers were looking for within a company’s breached network.
“Several cases here, it appears APT32 was conducting intrusions to investigate the victims’ operations and assess their adherence to regulations,” Carr said. “That’s where it starts to be really unusual and is a significant departure from the wide-scale intellectual property theft and espionage that you see from a Chinese group, or political espionage or information operations from a Russian group.”
To be clear, the attacks carried out by APT32 are unrelated to the WannaCry ransomware that has hit 200,000 victims in at least 150 countries since Friday.
The FireEye report highlights that victims included foreign companies that had a vested interest in Vietnam’s manufacturing, consumer products and hospitality sectors. It also said there were indications that APT32 was targeting peripheral network security and technology infrastructure corporations and consulting firms that had possible connections with foreign investors.
Among the victims were a German manufacturing company attacked in 2014, a Chinese company in the hospitality sector and an U.S. consumer products firm.
While FireEye did not confirm that the attackers were definitely part of the Vietnamese government, Carr said the timing of the intrusions corresponded with the victims’ engagement with the Vietnamese government on regulatory matters.
“At the highest level, where I can say with certainty, is that APT32 accessed details and data from multiple victim organizations that would be of very little use to any party other than the Vietnamese government,” Carr said.
FireEye said it did not convey its findings to the Vietnamese government through Hanoi’s channels.
Vietnam’s Ministry of Foreign Affairs denied the contents of the report. In an emailed statement, spokesperson Le Thi Thu Hang called the claims “ungrounded.”
“The Government of Viet Nam does not allow any form of cyber-attacks against organizations or individuals,” the representative said. “All cyber-attacks or threats to cybersecurity must be condemned and severely punished in accordance with regulations and laws.”
The spokesperson added, “Viet Nam stands ready and looks to closely cooperate with the international community in the prevention and combating of cyber-attacks in any form.”
CNBC also reached out to the American Chamber of Commerce and the European Chamber of Commerce in Vietnam about businesses affected by such attacks and did not immediately hear back.
The presence of APT32 reflects the growing number of new countries that have adopted advanced tools and techniques to potentially carry out cyber-espionage. Usually China, Iran, Russia and North Korea are considered to be the most active cyber-espionage threats, according to FireEye.
Carr explained that the group lured victims using ActiveMime files that essentially look like a Microsoft Word document. But when victims click on the file, it opens a web page that allows the attackers to take control of the device.
“From the minute you click to enable content, your system is compromised with nation-state-grade malware,” Carr said.
Organizations and agencies in Vietnam remain vulnerable to cyber-attacks. For example, last year, airports in Hanoi and Ho Chi Minh City were hacked along with Vietnam Airlines’ website and a commercial bank.