VietNamNet Bridge - FireEye has released a report saying that Chinese hackers were behind a series of cyberattacks on Vietnam, other Southeast Asian countries and India over the last 10 years.



{keywords}


According to the security firm, the group of 30 hackers, called APT 30, could have been the culprit behind cyberattacks on governmental organizations, businesses and news agencies.

The report said the APT 30 attacks kicked off in 2005, targeting neighboring countries, including Vietnam.

“There’s no smoking gun that shows this is a Chinese government operation, but all signs point to China,” FireEye’s APAC CTO Bryce Boland said in TechCrunch.

The information released by FireEye coincides with a report from the Ministry of Public Security released in late March 2015 that foreign hackers have intensified their attacks on Vietnam, particularly after China’s illegal deployment of an oil rig in Vietnamese territorial waters in May 2014.

The report showed that 700 Vietnamese websites were attacked, while 400 websites were hit on Vietnamese National Day on September 2, 2014.

FireEye said it had collected evidence showing the involvement of Chinese hackers in the attacks. These include a manual of codes in Chinese, believed to be developed by Chinese programmers. It also discovered a suspicious domain name registered by a Chinese tea company.

He believes that the cyberattacks served the Chinese government’s intelligence campaigns related to the territorial disputes in South East Asia. 

The expert noted that APT 30 has been following a coherent attack plan. There are programmers in charge of developing backbend tools for the operations of the attacks, while other hackers develop their attack tools of their own.

FireEye said it had discovered over 200 malware variations that APT 30 has developed. It believes that APT 30 could also attack the air gap, a network with high security, because it is always offline.

Ngo Tuan Anh, deputy chair of the Bach Khoa Anti-virus Center (BKAV), the Vietnamese leading security firm, said in Lao Dong newspaper that BKAV has found many intentional attacks on important Vietnamese agencies’ information systems, including the Ministry of National Defence, Ministry of Public Security and research institutes.


Anh said since 2012, BKAV has repeatedly warned about the large cyberattacks on state agencies. 

A survey conducted by BKAV in 2014 found that 40 percent of Vietnamese websites, the gateways to Vietnamese organizations and businesses, had vulnerabilities. The figure is considered to be a “medium level” in the region, but at a high level compared to the rest of the world.

Anh noted that Vietnamese seem to ignore the warnings given by security firms, which could be the reason the situation has become more serious. 

Thanh Lich