Vietnam lists Chinese hacker groups Mustang Panda, APT31 as espionage threats

By Sylvie Truong, The Readable
Feb. 9, 2024 5:50PM GMT+9

Despite sharing a communist ideology with China and recent efforts to enhance the two countries' bilateral relationship, Vietnam has identified the Chinese hacker group Mustang Panda and the advanced persistent threat (APT) actor APT31 as significant espionage threats for 2024.

The Vietnamese government, drawing on an analysis by Bkav, a top cybersecurity firm in Vietnam, has released a report highlighting key cybersecurity challenges and predictions for 2024. Bkav observed a significant rise in espionage-related cyberattacks targeting Vietnam in 2023, noting a 55% increase from the year before. These attacks impacted more than 280,000 computers and were attributed to several Chinese threat groups, notably Mustang Panda and APT31. The report points out that these attackers used malware tools like PlugX, Cobalt Strike, and njRAT to exfiltrate data.

Mustang Panda, an infamous Chinese cyber threat group, has been active in targeting foreign entities and has been well known to the cybersecurity community since at least 2012. This group has conducted cyberattacks against the governments of Myanmar, the Philippines, Indonesia, Australia, Taiwan, Japan, the United States, the United Kingdom, Estonia, Finland, Greece, Latvia, and Turkey, according to multiple cybersecurity researchers. Mustang Panda specializes in espionage, using spear-phishing campaigns that leverage current events like COVID-19, the Russia-Ukraine conflict, international summits, and various other subjects to compromise its targets.

APT31 distinguishes itself from Mustang Panda through its approach to hacking, utilizing a distinct set of tactics, techniques, and procedures (TTPs) in conducting cyberattacks. This group has been implicated in numerous attacks on air-gapped computers—systems isolated from the internet and external networks—often initiating their intrusions via infected USB drives. In 2023, the cybersecurity firm Kaspersky released a report detailing new malware specifically crafted to retrieve data from air-gapped systems through a sophisticated multi-stage attack. Kaspersky’s researchers have attributed this malware to APT31, linking it to cyberattacks against industrial entities in Eastern Europe.

Despite China and Vietnam sharing a common ideology and recent efforts to strengthen relations between the two nations, Vietnam’s identification of significant cybersecurity threats originating from China highlights the imperative for Vietnam and the world at large to maintain a high level of vigilance.

The cover image of this article was designed by Sangseon Kim. This article was reviewed by Dain Oh and copyedited by Arthur Gregory Willers.

Sylvie Truong is a regular contributor to The Readable. Her interest in cybersecurity began in 2015, while working as a biomedical researcher at Columbia University’s Irving Medical Center. She worked in the Molecular Imaging and Neuropathology Division, analyzing data using various software programs. Due to her experience there, she developed an interest in cybersecurity and implementing better practices to protect personal data, valuable research information, and more. Sylvie holds a master’s degree in neuroscience and education from Columbia University.