By John Boudreau and Mai Ngoc Chau
August 9, 2016 — 4:10 PM PDT Updated on August 9, 2016 — 11:02 PM PDT
The spyware used in cyber attacks on Vietnam’s major airports and national carrier last month is now suspected of having bombarded many more official sites, amid tensions with China over territory in the disputed South China Sea.
A malicious code disguised as anti-virus software found lurking in everything from government offices to banks, major companies and universities was the same as that used in "politically-colored" attacks on two of the country’s biggest airports and Vietnam Airlines, said Ngo Tuan Anh, vice chairman of Hanoi-based network security company Bkav Corp.
On July 29, the flight screens at the airports displayed messages critical of Vietnam’s claims to the South China Sea, according to the VnExpress news website. Vietnam and the Philippines have been the most vocal in criticizing China for its increased assertiveness over the area.
While more evidence is needed to pinpoint the likely origin, the attacks were clearly political in nature, Anh said. The spyware aimed at Vietnam was from one group or several actors working together that has made assaults on institutions in the Southeast Asian country since 2012, he added. Vietnam’s Ministry of Foreign Affairs did not respond to an e-mailed request for comment.
With tensions running high in the South China Sea as China increases its military presence in the area, having reclaimed thousands of acres of land on small shoals and reefs, claimant nations are seeking diplomatic and popular support for their stances. The Vietnam incident highlights the vulnerability of some smaller Southeast Asian states to sustained attacks on their government infrastructure in response to geopolitical frictions.
“The attack on the airport and airline appears to be the work of cyber activists who are using it to promote a political agenda,” Wias Issa, senior director for Asia Pacific at security company FireEye Inc., said in an e-mail. “A key challenge is that volatile geopolitics in Vietnam make it a target.”
The website of the Permanent Court of Arbitration in The Hague went offline in October during a hearing of a Philippine challenge to China’s claim to more than 80 percent of the South China Sea. The court ruled last month in favor of the Philippines, prompting an angry response from the government in Beijing, which did not take part in the arbitration proceedings and said it didn’t recognize the verdict.
Vietnam’s Minister of Information and Communications Truong Minh Tuan said the government is reviewing Chinese technology and devices after the July cyber attack, Tuoi Tre newspaper reported. Major Vietnamese telecom operators use Chinese technology, raising the threats of more data breaches, he said.
Chinese hacker group 1937cn initially claimed responsibility for the incident, which included Vietnam Airlines’ database of frequent flyers being leaked online, before denying involvement, Tuan said. 1937cn team founder Liu Yongfa was quoted in China’s state-run Global Times as saying he neither admitted nor denied the attacks.
"1937cn is a non-government organization,” Liu said. “We do not want to be a victim of the politics."
"At a time when the definition of a cyber crime remains vague in China, our team will start a cyber war to defend the country and the people when their sovereignty and rights are violated by foreign countries," Liu said.