Actors Sponsored by State Conduct Cyber-attacks in Vietnam
Security experts had warned before handed about Vietnamese government relying on Remote Access Tools (RATs) and malware for spying on dissidents, activists, journalists and bloggers. According to Softpedia.com's report on 20th January, 2014, the Electronic Frontier Foundation (EEF), an international digital rights group, was involved in analyzing some of the recent attacks. According to softpedia.com, these attacks appeared to be carried out by state-sponsored actors.
Own staff of EEF was targeted by one of the attackers in December 2013, as the attackers had sent spam emails to couple of staff members of EEF and had invited them to a certain "Asia Conference". For the staff, these messages appeared to come from a person named Andrew Oxfam.
The links in the emails pointed to Oxfam.org. In reality, these emails actually led to a Google Drive page and also had two malicious HTML applications attached to it. However, just one antivirus engine from VirusTotal detected the threat on 19th January, 2014.
The same malware was apparently sent to a reporter of Vietnam-based AP (Associated Press) in an email, appearing to be sent from Human Rights Watch. It contained a link to a white paper, which downloaded an HTML application that had a Word document and an executable.
Although the emails contain dodgy grammar and are easily identified as fake, but they have been well crafted to project as appealing to their specific targets.
EEF didn't give specifications on the main aim of these specific attacks. However, it said that the related malware and C&C server showed a relationship with the earlier campaigns targeting Vietnamese activists.
Threatpost.com published a report on 20th January, 2014, and quoted an analysis of the malware by members of EEF - Eva Galperin and Morgan Marquis-Boire. According to them, the people behind these attacks may have been operating since late 2009 and have been targeting Vietnamese dissidents, people writing on Vietnam and the Vietnamese diaspora. The above appeared to be the work of 'Sinh Tu Lenh' and seemed to be the work of Vietnamese targeting Vietnamese, although it has been also been claimed to be the work of some Chinese actors.
» SPAMfighter News - 29-01-2014