The EFF has analyzed some of the attacks apparently carried out by state-sponsored actors

Jan 20, 2014 09:03 GMT

Experts warned a long time ago that the Vietnamese government had been relying on malware and remote access tools (RATs) to spy on activists, bloggers, dissidents and journalists. The Electronic Frontier Foundation (EFF) has been analyzing some recent attacks that appear to have been carried out by state-sponsored actors.

In one of them, which took place in December 2013, the EFF’s own staff was targeted. The attackers sent emails to a couple of EFF staffers, inviting them to an “Asia Conference.” The messages appeared to come from Andrew Oxfam.

The links in the notification appeared to point to Oxfam.org, but in reality they led users to a Google Drive page. The email also had two malicious HTML applications attached to it. On January 19, 2014, only one antivirus engine on VirusTotal was detecting the threat.

The malicious notification sent to an Associated Press journalist was similar, but it purported to come from HRW Asian and appeared to contain a “Human Rights White Paper.”

Similar malware was used in an attack against a Vietnamese blogger and math professor in February 2013. The same campaign also targeted a Vietnamese pro-democracy blogger who’s living in California.

“The group behind these attacks appears to have been operating since late 2009, and has been very active in the targeting of Vietnamese dissidents, people writing on Vietnam, and the Vietnamese diaspora,” the EFF noted in a blog post.

“This appears to be the work of a group commonly known as ‘Sinh Tử Lệnh’ and while it has been anecdotally claimed to be the work of Chinese actors, it seems to be more likely the work of Vietnamese targeting Vietnamese.”

While it’s no surprise that the hackers have been targeting the Vietnamese diaspora, it’s interesting that they’re also trying to spy on US activists and even journalists.