By John Boudreau and Mai Ngoc Chau
(Bloomberg) — The spyware used in cyber attacks on Vietnam’s major airports and national carrier last month is now suspected of having bombarded many more official sites, amid tensions with China over territory in the disputed South China Sea.
A malicious code disguised as anti-virus software found lurking in everything from government offices to banks, major companies and universities was the same as that used in “politically-colored” attacks on two of the country’s biggest airports and Vietnam Airlines, said Ngo Tuan Anh, vice chairman of Hanoi-based network security company Bkav Corp.
On July 29, the flight screens at the airports displayed messages critical of Vietnam’s claims to the South China Sea, according to the VnExpress news website. Vietnam and the Philippines have been the most vocal in criticizing China for its increased assertiveness over the area.
While more evidence is needed to pinpoint the likely origin, the attacks were clearly political in nature, Anh said. The spyware aimed at Vietnam was from one group or several actors working together that has made assaults on institutions in the Southeast Asian country since 2012, he added. Vietnam’s Ministry of Foreign Affairs did not respond to an e-mailed request for comment.
With tensions running high in the South China Sea as China increases its military presence in the area, having reclaimed thousands of acres of land on small shoals and reefs, claimant nations are seeking diplomatic and popular support for their stances. The Vietnam incident highlights the vulnerability of some smaller Southeast Asian states to sustained attacks on their government infrastructure in response to geopolitical frictions.
“The attack on the airport and airline appears to be the work of cyber activists who are using it to promote a political agenda,” Wias Issa, senior director for Asia Pacific at security company FireEye Inc., said in an e-mail. “A key challenge is that volatile geopolitics in Vietnam make it a target.”
The website of the Permanent Court of Arbitration in The Hague went offline in October during a hearing of a Philippine challenge to China’s claim to more than 80 percent of the South China Sea. The court ruled last month in favor of the Philippines, prompting an angry response from the government in Beijing, which did not take part in the arbitration proceedings and said it didn’t recognize the verdict.
For a chart on China’s trade with Southeast Asia, click here
Vietnam’s Minister of Information and Communications Truong Minh Tuan said the government is reviewing Chinese technology and devices after the July cyber attack, Tuoi Tre newspaper reported. Major Vietnamese telecom operators use Chinese technology, raising the threats of more data breaches, he said.
Chinese hacker group 1937cn initially claimed responsibility for the incident, which included Vietnam Airlines’ database of frequent flyers being leaked online, before denying involvement, Tuan said. 1937cn team founder Liu Yongfa was quoted in China’s state-run Global Times as saying he neither admitted nor denied the attacks.
“1937cn is a non-government organization,” Liu said. “We do not want to be a victim of the politics.”
“At a time when the definition of a cyber crime remains vague in China, our team will start a cyber war to defend the country and the people when their sovereignty and rights are violated by foreign countries,” Liu said.
Hackers are increasingly using the tactic of “information theft and then information dump” to embarrass victims, said Tobias Feakin, director of the national security program at the Australian Strategic Policy Institute in Canberra.
“1937cn is clearly a nationalist hacker group with distinct sympathy for China’s nationalistic agenda,” said Feakin. “Can you say it is the work of the Chinese government? No. But this is one of a growing number of hacker organizations sympathetic to the views of certain parts of the Chinese government and the People’s Liberation Army.”
China’s foreign ministry did not respond to a faxed request for comment. In April spokesman Lu Kang told reporters that China stands for “an open, secure, cooperative and peaceful cyberspace.”
“The Chinese government is resolute in fighting hacking activities,” Lu said.
Territorial tensions have picked up between Vietnam and China since China dragged an exploration oil rig into contested waters in mid-2014. The move led to deadly anti-China protests in Vietnam and clashes at sea between coast guard boats. There was a spike in cyber attacks on Vietnamese targets at the time, according to cybersecurity company CrowdStrike Inc.
Vietnam has seen a rise in hacks of government sites. There was a nearly 22 percent increase in high-tech crimes in the first half of the year, Vietnam News reported Wednesday, citing a Ministry of Public Security report. That included an uptick in crimes involving the dissemination of information and software against the government, it said.
“The use of spyware to steal data and the trend of launching politically-colored hacks are increasing and becoming more apparent,” Anh said.
–With assistance from David Tweed, Diep Ngoc Pham and Keith Zhai.
© 2016 Bloomberg L.P