Hackers caught targeting Vietnam government portals

The National Cyber Security Center said it has discovered and foiled a number of attempted cyberattacks on Vietnamese government portals by the China-linked Cycldek hacker group.
April 11, 2021 | 11:13

It said the advanced persistent threat (APT) hacker group is also known as Goblin Panda, Hellsing, APT27, and 1937CN, Vnexpress reported.

The Department of Information Security joined hands with Internet service providers to block multiple attacks in March after receiving information from the center that Cycldek was trying to penetrate computer systems in Vietnam, Thailand, and Central Asian countries.

After identifying the evasion techniques the hacker group used, the NCSC contacted eight Internet service providers in Vietnam and told them to block all the IPs and domains it sent in a list to prevent cyberattacks.

Cycldek is a dangerous hacker group that usually targets the defense, energy, and government sectors in Southeast Asia, especially Vietnam and Laos. It has carried out many attacks on Vietnam.

According to the NCSC, well-resourced hacker groups carried out attacks on Vietnam in the first quarter, targeting political and economic entities.


Hackers caught targeting Vietnam government portals. Photo: Reuters

In 2019, the Authority of Information Security said over 400,000 IP addresses in Vietnam were contaminated with APT malware.

"This is an intentional attack from international hackers against the Vietnamese government and its vital information infrastructure," Nguyen Khac Lich, its deputy general director, said.

"The malware used is very dangerous and well disguised. For this reason, individual users should exercise great caution while communicating online."

The malware was distributed through disguised email attachments, with the contaminated files appearing as normal documents (.doc). When a victim clicked on a file, the malware slipped onto the computer and stole personal information.

The contaminated computers also act as a conduit to attack other computers. Consequently, a botnet is created, and it serves as a foundation for a large-scale attack against national information systems.

The attack could allow hackers to steal national security information over a long period.

The Authority of Information Security has provided tools to remove the malware on its website and the website of the ministry's Cybersecurity Emergency Response Teams/Coordination Center.

Vietnamese experts spot Microsoft Windows 10 errors

Two Vietnamese security experts have won $40,000 after detecting Windows 10 vulnerabilities at Pwn2Own 2021, one of the world's largest cyber-attack competitions.

Pham Van Khanh, 29, and Dao Trong Nghia, 23, from Viettel Cyber Security, a subsidiary of military-run telecommunications company Viettel, won the "Local Escalation of Privilege" title when targeting Microsoft's Windows 10.

The team used an integer overflow in Windows 10 to escalate from a regular user to system privileges during a competition on April 6.

For each category, the contest, held online by Zero Day Initiative, a U.S.-based international software vulnerability initiative started in 2005, evaluates competitors via "success," "partial" and "failure" levels.


Pham Van Khanh (L) and Dao Trong Nghia attend the Pwn2Own contest in early April 2021. Photo by VnExpress/Thanh Binh.

Khanh and Nghia, the only representatives of Vietnam at the contest, were rated "partial" when they targeted Microsoft Exchange in the Server category on April 7.

The team successfully demonstrated code execution on the Exchange server, though some of the bugs they used in their exploit chain had been previously reported in the contest.

Aside from the two categories featuring the Vietnamese team, Virtualization, Web Browser, Enterprise Applications, Enterprise Communications, and Automotive categories rounded off the event.

Nghia said the contest was a "big challenge."

"Normally, detecting errors in a system is already a hard job. In this contest, it was much harder since I had to find errors and create an attack code in a limited period of time."
