A Chinese government hacker group appears to be peppering Vietnamese bureaucrats with phishing emails in attempts to gain advantage in upcoming trade talks.
A country like China sending out scattershot attempts to spy on foreign government computers is commonplace, experts say. But the Chinese assault on Vietnamese officials, detailed in a report by US cybersecurity firm FireEye, offers a reminder of how cyber espionage has become an everyday tactic across the world as nations search for ways to gain economic and strategic advantage in relations of all types.
“The Chinese, like other state actors, want to know about trade negotiations and diplomats’ talking points before they have to confront them in negotiations,” said Adam Segal, an expert on Chinese policy and the director of digital and cyberspace policy at the Council on Foreign Relations, a New York City and Washington, DC, think tank. “For any southeast Asian diplomat, this is going to be a constant source of threats, both from the trade and the political strategic perspective.”
China is regarded as one of the most aggressive nations in the world when it comes to economic espionage, with several dedicated government groups and untold thousands of employees. In 2014, the US government indicted five members of China’s People’s Liberation Army for hacking crimes against US targets, including companies such as Westinghouse and US Steel.
Chinese targeting of US companies has dropped since — Chinese President Xi Jinping and then US President Barack Obama agreed in 2015 that neither country would attempt to steal private companies' business secrets.
But that doesn't mean China has decreased its efforts against other nations, as the FireEye report, shared with BuzzFeed News, makes clear.
FireEye’s report focuses on a pair of Microsoft Word documents that appear tailored as “lures” — emailed files that encourage recipients to download them in phishing attacks, but which secretly contain malware that attacks a user’s computer or network.
One of the documents concerns the Regional Comprehensive Economic Partnership, a proposed trade agreement between 16 countries along the Pacific Ocean. The other purports to be a strategic plan for the Asia-Pacific Economic Cooperation, a forum that encourages trade around the region. But they aren't the only indication of China's interest in Vietnam, Ben Read, FireEye's manager of cyber-espionage analysis, told BuzzFeed News.
“We see such a high volume of lures targeting Vietnam,” Read said. “We’re seeing multiple ones every month.”
Both lures, as well as others Read said his team has seen, contain malware that exploits Microsoft Word, a common tactic against computers that run either pirated versions of Microsoft Office or versions that haven’t been updated.
Once deployed, the malicious software can relay back to its author what it sees on the victim’s computer, such as a profile of its files and the names of connected networks. It can also be used to load additional malware. With enough successful attacks, whoever’s behind the phishing attempt can assemble a comprehensive picture of a foreign government’s intentions.
There’s no telling if these particular efforts were successful. FireEye found the lures after a would-be victim uploaded them to VirusTotal, a Google-owned company that allows anyone to submit potentially malicious files to be scanned for known malware, which in turn helps create an ongoing repository of new threats.
Vietnam competes with China on a number of fronts, including for oil and natural gas deposits in the South China Sea.
Vietnam is clearly aware of the threat. On Sunday, Vietnamese President Tran Dai Quang gave a speech highlighting cybersecurity, saying that his country had seen a rise in attempts to steal state secrets.
But such spying is the norm around the world, Segal said.
“If you’re of interest to the US or Russia or China in some way or shape, you’re going to be targeted, probably,” he said.
Kevin Collier is a cybersecurity correspondent for BuzzFeed News and is based in New York.