Inside Việt Nam’s Cyber War

Tension between Việt Nam and China reached fever pitch last summer. Video of the dramatic clash between the two historic adversaries splashed from the South China Sea onto the airwaves of this Global News report.

Tensions were sparked by China’s aggressive claims in the South China Sea, where nearly 50 trillion dollars worth of trade pass through every year.

It began in May 2014, when Beijing placed an oil rig 120 miles from the Vietnamese coast, near islands that Việtnam claims. Thousands of Vietnamese citizens took to the streets in protest.

Anti-China sentiment escalated into riots and would eventually claim multiple deaths.

But it’s not just military tactics, naval confrontations, and protests that are marking this sea dispute. Cyber war researcher Anni Piiparinen says the tinderbox of geopolitical tension is making its way into cyberspace.

She says, “After the oil rig incident between Việt Nam and China and the deadly anti-China protests that followed this oil rig incident, China-based hackers attacked Vietnamese government and military websites and networks. They reportedly succeeded in breaching Vietnamese intelligence agency network and were able to gain access to confidential information about Việtnam’s security strategy regarding the Pacific dispute.”

Piiparinen is a program assistant with the Cyber Statecraft Initiative at the Atlantic Council, a U.S.-based think tank. She says that the maritime dispute was followed by a considerable peak in cyber attacks against Việt Nam. So much, that in 2014 Việt Nam became the most targeted country for cyber attacks, according to CrowdStrike, a cybersecurity technology firm.

That year Việt Nam surpassed even the United States in the onslaught of malware it suffered. Attacks ranged from harmless defacement of government websites by so-called China-based patriotic hackers, meaning individuals who just wanted to teach Việt Nam a lesson, to total network compromises and loss of intelligence executed by government cyber spies.

These vulnerabilities were exploited by a rat and delivered by a phish.

That’s RAT — remote access tool and phish, with a p. Adam Kozy, CrowdStrike’s senior intelligence analyst explains, “A RAT is a remote access tool that of course allows access into victim’s systems. and so how they were doing this, kind of the method of infection was a mixture of spear phishes, which I think most people know is an expertly crafted email to try to get you to click on a link or try to visit the site or something like that, as well as what we call strategic web compromises or swc. And that’s basically where they trick you into visiting a compromised site.”

Kozy says one of the those expertly crafted emails sent by China specially targeted Vietnamese government officials. CrowdStrike exposed the hack and documented it in its Global Threat Intel Report earlier this year. It was quite simple, really. The sender emailed a real, official document from Việt Nam’s Fisheries Protection Department. The document had just a “small” modification: It was rigged with the rat. Any recipient who opened the document would instantly be infected with it. And just like that, the sender would then have access to the recipient's device.

But for China to have obtained Vietnamese documents to infect them in the first place means that China is already two steps ahead: Beijing did her homework and obtained these documents through human or digital intelligence gathering.

It is well documented that Beijing employs an entire military unit dedicated to cyber espionage and cyber warfare.

One of China’s hackers, “UglyGorilla” is on the FBI’s Wanted list.

Who then are Việt Nam’s hackers, the ones trying to hack China back? Kozy says primarily law enforcement entities. He says, “These were cops by day and kind of vigilante, nationalistic, Vietnamese hackers by night.”

It’s clear the Vietnamese government can’t just rely on its own patriotic hackers - there aren’t nearly enough to match Beijing’s army. In the face of these mounting digital threats, Hà Nội is responding to China with rudimentary, one-click solutions.

A security researcher, who wants to remain anonymous due to ongoing business, provides Loa with insight into Hà Noi’s game plan. We’ll call him Khoa. He’s a vendor of enterprise-level defensive and offensive security products, and has been approached by Vietnamese government officials interested in purchasing his wares.

Khoa says, “They’re basically just trying to throw money at the problem without actually thinking about the problem. So they want the easiest solution which is to purchase these products without actually understanding how they work and unfortunately, their personnel are also not trained to use these products. So they basically want one-click solutions, which is not very viable in this environment.”

A cyber war is brewing and Việt Nam is bringing a knife to a gunfight. Khoa says there is an arms race and everyone is losing to China because they’ve had more operational experiences than other nations.

China does not need to deploy technically sophisticated software against Việt Nam to gather intelligence and disrupt networks. It relies on human error and lack of digital security to do the most harm. For China to target Vietnamese officials with decoy documents, as it did with the Fisheries Protection Department, that’s social engineering at its best.

The best defense, then, can be quite simple. Kozy of Crowdstrike explains what Việt Nam can do in this cyber war is to equip the technologically young country with education on digital security.

It’s a virtual cat and mouse game, where the attackers start off with the advantage.

For Việt Nam to get out from under this rat race, now more than ever, the country needs leaders with a long-term vision for national security, not just at its borders and sea lanes but in the digital space as well.