Cyber spies working for or on behalf of the Chinese government have increased cyberattacks against official and corporate targets in Vietnam.
The attacks come at a time of increased tension over the South China Sea. Cybersecurity company FireEye told Reuters that the cyberattacks came in recent weeks, and it was able to trace them back to suspected Chinese cyber spies, because the group had used the same infrastructure before.
“Where China has often focused on the government before, this shows they are really hitting the full commercial sector potentially in Vietnam and trying to gather a broad base of information there,” said Ben Read, who heads FireEye’s cyber espionage team.
China has denied any wrongdoing, with Foreign Ministry Spokesperson Hua Chunying saying that the country opposed all forms of illegal internet activities or stealing of secrets, as well as any accusations against any country on the issue without cast-iron proof.
Vietnamese Foreign Ministry Spokesperson Le Thi Thu Hang said cyberattacks should be severely punished in accordance with the law. While the country denies allowing cyber espionage, it has also been accused by FireEye of carrying out attacks.
The attacks in Vietnam involved sending users documents in Vietnamese, which appeared to be requests for financial information. Once opened, the documents delivered malware to infect the computer and send back information to the cyber spies, potentially letting them into the computer network. FireEye was unable to say exactly what information had been stolen.
A broad range of companies appeared to have been targeted, including financial institutions. FireEye linked the attacks to a team it calls Conimes, which focuses on Southeast Asia, but its main target is Vietnam.
Read said the malware attacks were relatively unsophisticated and relied on users having pre-2012 versions of Microsoft Word. “They are using comparatively simple techniques, because apparently they work,” he said.