Hackers in Vietnam have been attacking foreign companies and other targets for years, seeking information and using tactics that suggest links to the Vietnamese government, a cybersecurity company said Monday.
The findings, laid out in a report released by the company, FireEye, come as companies and experts look beyond traditional sources of attacks like China and Russia to deal with new or rising threats.
Smaller countries are now trying their hand at hacking, experts say, as they seek to follow dissidents, undermine enemies or comb corporate files for trade secrets.
FireEye, a company based in California that deals with large network breaches, said it had watched a Vietnamese group known as OceanLotus target foreign companies in the manufacturing, hospitality and consumer products sectors since at least 2014.
While identifying hackers or the governments that might back them can be difficult, FireEye said OceanLotus had used tactics similar to those in attacks previously identified by experts as having targeted Vietnamese dissidents, journalists and governments at odds with the country.
The OceanLotus group “accessed personnel details and other data from multiple victim organizations that would be of very little use to any party other than the Vietnamese government,” said Nick Carr, a security expert at FireEye and the primary author of the report.
Le Thi Thu Hang, a spokeswoman for the Vietnamese Foreign Ministry, called the findings of the report “groundless” and said the country looked forward to working internationally to fight digital breaches.
Vietnam “does not allow cyberattacks on organizations or individuals,” she said in an emailed statement. “All cyberattacks or threats to cybersecurity must be condemned and severely punished in accordance with regulations and law.”
FireEye experts said OceanLotus was the first of 32 state-linked hacking groups it had identified worldwide that was neither Russian nor Chinese.
State-sponsored hacking is “the new way to do espionage in the 21st century because it’s much easier to resource compared to a human operation,” said Tim Wellsmore, FireEye’s Asia director of threat intelligence. “This is a low-cost, high-return model.”
Plainclothes security forces in Vietnam, a one-party authoritarian state, regularly spy on journalists, activists and political dissidents, sometimes in almost comically obvious ways — tailing them by motorbike, for example, or eavesdropping in a cafe.
Activists in the Vietnamese diaspora have also reported being targeted by what they say is state-sponsored hacking.
In a 2014 blog post, the Electronic Frontier Foundation, a nonprofit advocacy group in California, documented what it said appeared to be a state-affiliated Vietnamese hacking operation that had targeted a range of people critical of the government, including an Associated Press reporter in Vietnam and a pro-democracy blogger in California.
FireEye said OceanLotus employed a similar type of email phishing, using messages to bait victims into downloading malicious software or turning over their user names and passwords.
The report also documented the group’s hacking of companies from Vietnam, China, Germany, the Philippines, Britain and the United States. It did not analyze specific breaches in detail, but it said one European manufacturing company had been compromised in 2014 before building a factory in Vietnam.
It also said that OceanLotus malware had been detected last year on the network of a global hospitality developer that was planning to expand into the country.
Ben Wootliff, who oversees digital security at the business consultancy Control Risks, said online crime was a risk for local and international companies in Vietnam for a number of reasons, including a rapid pace of digitalization and an improvisational business environment. “There is a lack of desire, awareness and capability to implement decent cyberhygiene,” he said.