Cybersecurity News that Matters

Vietnam lists Chinese hacker groups Mustang Panda, APT31 as espionage threats

Designed by Sangseon Kim, The Readable

by Sylvie Truong

Feb. 09, 2024
5:50 PM GMT+9

Despite a communist ideology shared with China and recent efforts to enhance the bilateral relationship, Vietnam has identified the Chinese hacker group Mustang Panda and the advanced persistent threat (APT) actor APT31 as significant espionage threats for 2024.

The Vietnamese government, drawing on an analysis by Bkav, a top cybersecurity firm in Vietnam, has released a report highlighting key cybersecurity challenges and predictions for 2024. Bkav observed a significant rise in espionage-related cyberattacks targeting Vietnam in 2023, noting a 55% increase from the year before. These attacks impacted more than 280,000 computers and were attributed to several Chinese threat groups, notably Mustang Panda and APT31. The report points out that these attackers used malware tools such as PlugX, Cobalt Strike, and njRAT to exfiltrate data.

Mustang Panda, an infamous Chinese cyber threat group, actively targets foreign entities and has been known to the cybersecurity community since at least 2012. According to multiple cybersecurity researchers, this group has conducted cyberattacks against the governments of Myanmar, the Philippines, Indonesia, Australia, Taiwan, Japan, the United States, the United Kingdom, Estonia, Finland, Greece, Latvia, and Turkey. Mustang Panda specializes in espionage, using spear-phishing campaigns that leverage current events like COVID-19, the Russia-Ukraine conflict, international summits, and various other subjects to compromise its targets.

APT31 distinguishes itself from Mustang Panda through its approach to hacking, using a distinct set of tactics, techniques, and procedures (TTPs) in conducting cyberattacks. This group has been implicated in numerous attacks on air-gapped computers (systems isolated from the internet and external networks), often initiating its intrusions via infected USB drives. In 2023, the cybersecurity firm Kaspersky released a report detailing new malware specifically crafted to retrieve data from air-gapped systems through a sophisticated multi-stage attack. Kaspersky’s researchers have attributed this malware to APT31, linking it to cyberattacks against industrial entities in Eastern Europe.

Despite China and Vietnam sharing a common ideology and recent efforts to strengthen relations between the two nations, Vietnam’s identification of significant cybersecurity threats originating from China highlights the imperative for Vietnam and the world at large to maintain a high level of vigilance.

  • Sylvie Truong

    Sylvie Truong is a regular contributor to The Readable. Her interest in cybersecurity began in 2015, while working as a biomedical research assistant at Columbia University’s Irving Medical Center. Sh...
