Vietnam Cyber Threat: Government-Linked Hackers Ramping Up Attacks

Vietnam, a Growing Asian Cyber Threat

Hackers Likely Associated With Vietnamese Government Are Attacking Foreign Economic Competitors and Governments Alike

Threat intelligence firm IntSights has issued a threat brief on the growing offensive cyber capabilities of Vietnam. Its reasoning rests on a combination of two factors: the state-affiliated, or at least state-aligned, advanced groups APT32 (OceanLotus) and APT-C-01 (Poison Ivy), and local cyber legislation that is promoting the development of cyber subterfuge among Vietnamese youth.

The threat brief is authored by Charity Wright, a cyber threat intelligence analyst and former NSA offensive Asia Analyst. The existing threat is primarily a response to economic issues; but increasing cyber capabilities will come as a response to internal political issues. 

The latter effect is focused on Vietnam’s control over the internet and its use. A new cybersecurity law which came into effect at the beginning of 2019 requires companies like Google and Facebook to open offices in Vietnam, store local user data in Vietnam, and hand over personal information to the government on demand. The law also allows censorship and created a 10,000-strong “Force 47,” “to combat,” says the analyst, “proliferation of views it deems offensive or toxic.”

The result, however, is a migration of youngsters to the dark web. “As Vietnamese authorities attempt to strengthen their grip via censorship,” she continues, “they drive more and more Vietnamese citizens to the dark web for access to unfiltered content.” In these dark web forums, cyber capable youngsters are likely to learn the skills of cyber criminality.

“While Vietnam may not have the resources to combat world superpowers – like China or the U.S. – in traditional warfare or economic stature, cyber is leveling the playing field,” comments Wright. “Vietnam has the potential to develop into a cybercriminal outpost, as its government continues to censor the public and push its youthful middle class toward the fringes with its strict internet legislation.”

The two primary advanced hacking groups are either state-sponsored or closely align themselves with government policy. That policy is rapid economic expansion. The country’s “one-party government,” says the brief, “has committed to an aggressive economic growth strategy, searching for advantages it can gain over the more established regional economic powerhouses – China, Japan, South Korea, and neighboring Southeast Asian countries like Singapore.”

Notably, OceanLotus (which has been compared to Russian hacking groups in its degree of sophistication) has been targeting foreign governments, businesses, and dissidents for financial gain and to equip the government with economic intelligence on its rivals. In recent months it has targeted the automotive industry, which the analyst believes is directly connected to the imminent launch of Vietnam’s first domestic auto company, planned for September 2019.

The Poison Ivy group, so named for its use of the Poison Ivy RAT, has been operating cyber espionage campaigns against Chinese intelligence agencies, military operations, academic institutions, and scientific research labs since at least 2007. (Poison Ivy is also used by one of China’s own leading hacking groups, APT10.)

The future threat from Vietnam is likely to come on two fronts: basic cyber criminality caused by internal political policy pushing citizens onto the dark web criminal training ground, and increasing state activity supporting Vietnamese economic policies. The economic drive is similar to China, writ small.

“There are clear parallels between the two nations’ strategies,” Charity Wright told SecurityWeek. “Economic growth creates power. Cyber espionage fuels economic advantages. We can definitely expect to see Vietnamese targets change to align with changing economic priorities.” But it is also likely to increase. Political policy will increase the number of cyber criminals in Vietnam — and national governments have a tendency to recruit from their ‘best’ cybercriminals. The threat from Vietnam is likely to grow.

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.
