Vietnam closed its borders to China and barred all flights from there on Feb. 1, just weeks after it became apparent that the novel coronavirus was spreading rapidly from Wuhan to the rest of the country. And as it was shutting itself off from its neighbor, hackers backed by the Vietnamese government were trying to hack into the heart of Chinese state organizations, according to research by US cybersecurity firm FireEye.
APT32 is a cyber espionage group believed to have ties with the Hanoi government, and has carried out intrusions since at least 2014, according to a 2017 report from FireEye. Over the years, it has targeted foreign governments and corporations across multiple sectors, as well as journalists and activists. APT stands for advanced persistent threat, and such groups aim to pursue cyberattacks over the course of months or even years. APT32 is just one such group among dozens from around the world linked to different countries.
According to FireEye, APT32 carried out attacks by targeting the email accounts of staff at China’s Ministry of Emergency Management, which is at the center of the national effort to contain the virus, and the government of Wuhan. The first attack detected by FireEye took place on Jan. 6—two weeks before China confirmed that the novel coronavirus could be transmitted human-to-human. The spear-phishing messages contained code to inform the hackers if the email was opened. Malicious attachments and links were then sent to the target; these contained a virus called Metaljack, which gives the hackers access to the victim.
Addressing the media today, a spokesman for Vietnam’s ministry of foreign affairs said FireEye’s accusations linking the Hanoi government with APT32’s activities were “unfounded.”
The attacks come as tensions have increased between the long-time foes, particularly in the South China Sea, where a Chinese ship collided with and sank a Vietnamese fishing boat earlier this month near the disputed Paracel Islands. Meanwhile, Vietnam has also challenged China’s “mask diplomacy” by donating masks and other protective equipment of its own to other countries.
Vietnam has so far done relatively well in its coronavirus response, and the World Health Organization this week praised the country for its strong leadership in implementing epidemic measures. Vietnam has reported 268 confirmed cases to date, with zero deaths, and no new cases have been reported in a full week. Schools across many provinces will re-open next week, and the prime minister Nguyen Xuan Phuc said yesterday that most parts of the country will begin to ease restrictions.
In recent weeks, the WHO has also been targeted by hackers attempting to steal passwords from agency staffers. Cyberattacks have also been launched against hospitals and at least one airport, and Interpol’s Cybercrime Threat Response team warned earlier this month of a “significant increase in the number of attempted ransomware attacks against key organizations and infrastructure engaged in the virus response.”
This isn’t the first time that APT32 has targeted China. According to Wired, the group started attacking Chinese entities in 2012. FireEye has also previously found that the timing of APT32’s attacks aligned with the targets’ engagement with the Vietnamese government on regulatory issues, thereby hinting at the group’s ties with Vietnam.