August 31, 2017
By Matthew Tostevin
(Reuters) – Cyber spies working for or on behalf of China’s government have broadened attacks against official and corporate targets in Vietnam at a time of raised tension over the South China Sea, cyber security company FireEye said.
FireEye told Reuters the attacks happened in recent weeks and it had traced them back to suspected Chinese cyber spies based partly on the fact that a Chinese group it had identified previously had used the same infrastructure before.
“Where China has often focused on the government before, this shows they are really hitting the full commercial sector potentially in Vietnam and trying to gather a broad base of information there,” said Ben Read, who heads FireEye’s cyber espionage team.
Chinese Foreign Ministry spokeswoman Hua Chunying said China opposed all forms of illegal internet activities or stealing of secrets and also opposed any accusations from any side against any country on the issue without cast-iron proof.
Vietnamese Foreign Ministry spokeswoman Le Thi Thu Hang said cyber attacks should be severely punished in accordance with the law and that it was important for countries to secure their networks.
Vietnam denies allowing cyber espionage although it has also been accused by FireEye of carrying out attacks.
Tension between China and neighboring Vietnam is at its highest in three years over the disputed South China Sea, where Vietnam has emerged as the most vocal opponents of Beijing’s extensive claims.
Vietnam suspended oil drilling in offshore waters that are also claimed by China in July under pressure from Beijing.
China has appeared uneasy at Vietnam’s efforts to rally Southeast Asian countries over the South China Sea as well as at its growing defense relationships with the United States, Japan and India.
China claims nearly all the South China Sea, through which an estimated $3 trillion in international trade passes each year. Brunei, Malaysia, the Philippines and Taiwan also have claims.
FireEye said the attacks in Vietnam involved sending users documents in Vietnamese which appeared to be requests for financial information. A broad range of companies appeared to have been targeted, including financial institutions, it said without giving specific details.
When the user opened them, they delivered malware which could infect a computer and send back information to the cyber spies, potentially letting them into the computer network too.
FireEye linked the attacks to a team it calls Conimes because in the past it used the conimes.com domain. The team focuses on Southeast Asia, but its main target is Vietnam and even more so since tensions rose over the South China Sea, Read said.
He was unable to say exactly what information had been gathered.
Vietnamese President Tran Dai Quang called earlier this month for tighter Internet controls to provide better protection against cyber threats as well as to prevent websites and social media publishing material damaging to the communist party.
Read said the attacks it had discovered on Vietnam were relatively unsophisticated and relied on users having pre-2012 versions of Microsoft Word.
“They are using comparatively simple techniques because apparently they work,” he said.
(Additional reporting by Ben Blanchard in Beijing; Editing by Nick Macfie)