SINGAPORE (Reuters) – A hacking group previously linked to the Vietnamese government or working on its behalf has broken into the computers of neighboring countries as well as a grouping of Southeast Asian nations, according to cybersecurity company Volexity.
Steven Adair, founder and CEO, said the hacking group was still active, and had compromised the website of the Association of Southeast Asian Nations (ASEAN) over several high-profile summit meetings. ASEAN is holding another summit of regional leaders in the Philippines capital Manila this week.
In May, cybersecurity company FireEye reported that the group, which it calls APT32 and is also known as OceanLotus, was actively targeting foreign multinationals and dissidents in Vietnam. FireEye said at the time the group’s activity was “of interest to the nation of Vietnam.”
Adair told Reuters he had no basis to definitely say who was behind the group but said its capabilities rivalled those of most other advanced persistent threat (APT) groups, a term often used to refer to hacker groups that are believed to have state support.
“What we can say is that this is a very well resourced attacker that is able to conduct several simultaneous attack campaigns.”
Vietnamese officials did not immediately respond to requests for comment. But Hanoi has in the past denied accusations of cyber-attacks against organizations or individuals, and said it would prosecute any cases.
Adair said it was not clear how much information the group had stolen. “We do not really have anything on the scale of data theft, but we can tell you the scale and reach of the sites they have compromised is very far reaching,” he said.
Volexity said in a report that the group had compromised websites of ministries or government agencies in Laos, Cambodia and the Philippines so they would load malicious code onto the computers of targeted victims.
This code would then direct them to a Google page which asked for their permission to access their Google account. If the user agrees, the hackers then have access to their contacts and emails.
The ministries included Cambodia’s ministries of foreign affairs, the environment, the civil service and social affairs, as well as its national police. In the Philippines it had compromised the websites of the armed forces and the office of the president.
Three ASEAN websites, and the websites of dozens of Vietnamese non-government groups, individuals and media, were similarly targeted. The group also infected websites belonging to several Chinese oil companies.
Officials at ASEAN’s headquarters in Jakarta were not immediately available for comment.
Kirt Chanthearith, a spokesman for the Cambodian national police, said the police website was hacked about six months ago but he did not know who was responsible. “It was hacked and we lost some data”, he said, without giving further details.
Officials in Thailand said they were not aware of any hacking of government or police websites.
In Manila, Allan Cabanlong, executive director of the Cybercrime Investigation and Coordination Centre, said there was no damage to government web sites in the Philippines but authorities were taking preventive measures.
“We’ve taken measures like cyber hygiene programs,” he told Reuters. “We are conducting due diligence in the Philippines and we are clearing our network.”
Reporting by Jeremy Wagstaff; Additional reporting by Chansy Chhorn in PHNOM PENH, Matthew Tostevin in HANOI, Patpicha Tanakasempipat and Suphanida Thakral in BANGKOK, Agustinus Beo Da Costa in JAKARTA and Neil Jerome Morales in MANILA; Editing by Raju Gopalakrishnan