Hacking group targets Việt Nam in new cyberattack

September 25, 2024 - 14:57
NCSC advises government agencies and organisations to regularly check and review their systems for vulnerabilities, actively monitor information regarding the campaign and stay updated on potential threats.

 

A05 officers arrest a suspect who impersonated a bank employee to defraud people online. — Photo conganbacgiang.gov.vn

HÀ NỘI —  The National Cyber Security Centre (NCSC) has identified a new cyberattack campaign targeting government and military organisations across the Asia-Pacific region, including Việt Nam.

The campaign, which began in July 2024, is suspected to be linked to the APT41 hacking group.

The attackers are exploiting a technique known as AppDomainManager Injection to spread malware. This technique allows them to gain control of user systems and steal sensitive information.

The campaign also involves DNS poisoning attacks, where attackers redirect internet traffic from legitimate servers to fake ones controlled by the attackers. This tactic primarily targets internet service providers (ISPs) and disrupts their DNS services.

The NCSC warns that macOS and Windows systems are vulnerable to these attacks.

To mitigate these risks, NCSC advises government agencies and organisations to regularly check and review their systems for vulnerabilities, actively monitor information regarding the campaign and stay updated on potential threats, enhance network surveillance and be prepared to respond to cyberattacks.

Organisations are encouraged to contact NCSC at 02432091616 or ncsc@ais.gov.vn if suspicious activity is detected.

In a seminar on cyber security on Tuesday, Nguyễn Trọng An, an officer from the Department of Cyber ​​Security and Hi-tech Crime Prevention (A05) under the Ministry of Public Security, reported that A05 had handled over 210,000 cyber threats and 20 highly critical cyberattacks in the first half of 2024.

He said ransomware attacks on major corporations in finance, energy, and telecommunications had become increasingly prevalent, causing operational disruptions and substantial economic damage. 

"Install a good antivirus programme, use a firewall to block threats and make sure your software is always patched," advised An.

The cybersecurity officer also suggested users avoid clicking on ads, opening suspicious links, or using public Wifi, to stay safe online. — VNS

 

E-paper