U.S. cybersecurity experts see recent spike in Chinese digital espionage

By Christopher Bing and Raphael Satter

(Reuters) – A U.S. cybersecurity firm said Wednesday it has detected a surge in new cyberspying by a suspected Chinese group dating back to late January, when coronavirus was starting to spread outside China.

FireEye Inc. said in a report it had spotted a spike in activity from a hacking group it dubs “APT41” that began on Jan. 20 and targeted more than 75 of its customers, from manufacturers and media companies to healthcare organizations and nonprofits.

There were “multiple possible explanations” for the spike in activity, said FireEye Security Architect Christopher Glyer, pointing to long-simmering tensions between Washington and Beijing over trade and more recent clashes over the coronavirus outbreak, which has killed more than 17,000 people since late last year.

The report said it was “one of the broadest campaigns by a Chinese cyber espionage actor we have observed in recent years.”

FireEye declined to identify the affected customers. The Chinese Foreign Ministry did not directly address FireEye’s allegations but said in a statement that China was “a victim of cybercrime and cyberattack.” The U.S. Office of the Director of National Intelligence declined comment.

FireEye said in its report that APT41 abused recently disclosed flaws in software developed by Cisco, Citrix  and others to try to break into scores of companies’ networks in the United States, Canada, Britain, Mexico, Saudi Arabia, Singapore and more than a dozen other countries.

Cisco said in an email it had fixed the vulnerability and it was aware of attempts to exploit it, a sentiment echoed by Citrix, which said it had worked with FireEye to help identify “potential compromises.”

Others have also spotted a recent uptick in cyber-espionage activity linked to Beijing.

Matt Webster, a researcher with Secureworks – Dell Technologies’  cybersecurity arm – said in an email that his team had also seen evidence of increased activity from Chinese hacking groups “over the last few weeks.”

In particular, he said his team had recently spotted new digital infrastructure associated with APT41 – which Secureworks dubs “Bronze Atlas.”

Tying hacking campaigns to any specific country or entity is often fraught with uncertainty, but FireEye said it had assessed “with moderate confidence” that APT41 was composed of Chinese government contractors.

FireEye’s head of analysis, John Hultquist, said the surge was surprising because hacking activity attributed to China has generally become more focused.

“This broad action is a departure from that norm,” he said.

(Reporting by Raphael Satter and Christopher Bing; additional reporting by the Beijing newsroom; Editing by Richard Pullin and Paul Simao)

Vietnam unveils 10,000-strong cyber unit to combat ‘wrong views’

Men use computers at an internet cafe in Bim Son town, outside Hanoi, Vietnam May 15, 2017.

HANOI (Reuters) – Vietnam has unveiled a new, 10,000-strong military cyber warfare unit to counter “wrong” views on the Internet, media reported, amid a widening crackdown on critics of the one-party state.

The cyber unit, named Force 47, is already in operation in several sectors, Tuoi Tre newspaper quoted Lieutenant General Nguyen Trong Nghia, deputy head of the military’s political department, as saying at a conference of the Central Propaganda Department on Monday in the commercial hub of Ho Chi Minh City.

“In every hour, minute, and second we must be ready to fight proactively against the wrong views,” the paper quoted the general as saying.

Communist-ruled Vietnam has stepped up attempts to tame the internet, calling for closer watch over social networks and for the removal of content that it deems offensive, but there has been little sign of it silencing criticism when the companies providing the platforms are global.

Its neighbor China, in contrast, allows only local internet companies operating under strict rules.

The number of staff compares with the 6,000 reportedly employed by North Korea. However, the general’s comments suggest its force may be focused largely on domestic internet users whereas North Korea is internationally focused because the internet is not available to the public at large.

In August, Vietnam’s president said the country needed to pay greater attention to controlling “news sites and blogs with bad and dangerous content”.

Vietnam, one of the top 10 countries for Facebook users by numbers, has also drafted an internet security bill asking for local placement of Facebook and Google servers, but the bill has been the subject of heated debate at the National Assembly and is still pending assembly approval.

Cyber security firm FireEye Inc  said Vietnam had “built up considerable cyber espionage capabilities in a region with relatively weak defenses”.

“Vietnam is certainly not alone. FireEye has observed a proliferation in offensive capabilities … This proliferation has implications for many parties, including governments, journalists, activists and even multinational firms,” a spokesman at FireEye, who requested anonymity, told Reuters.

“Cyber espionage is increasingly attractive to nation states, in part because it can provide access to a significant amount of information with a modest investment, plausible deniability and limited risk,” he added.

Vietnam denies such charges.

Vietnam has in recent months stepped up measures to silence critics. A court last month jailed a blogger for seven years for “conducting propaganda against the state”.

In a separate, similar case last month, a court upheld a 10-year jail sentence for a prominent blogger.

(Reporting by Mi Nguyen in HANOI; Additional reporting by Amy Sawitta Lefevre in BANGKOK and Eric Auchard in FRANKFURT; Editing by Amy Sawitta Lefevre and Nick Macfie)

Vietnam unveils 10,000-strong cyber unit to combat ‘wrong views’

An internet user browses through the Vietnamese government's new Facebook page in Hanoi December 30, 2015.

HANOI (Reuters) – Vietnam has unveiled a new, 10,000-strong military cyber warfare unit to counter “wrong” views on the Internet, media reported, amid a widening crackdown on critics of the one-party state.

The cyber unit, named Force 47, is already in operation in several sectors, Tuoi Tre newspaper quoted Lieutenant General Nguyen Trong Nghia, deputy head of the military’s political department, as saying at a conference of the Central Propaganda Department on Monday in the commercial hub of Ho Chi Minh City.

“In every hour, minute, and second we must be ready to fight proactively against the wrong views,” the paper quoted the general as saying.

Communist-ruled Vietnam has stepped up attempts to tame the internet, calling for closer watch over social networks and for the removal of content that it deems offensive, but there has been little sign of it silencing criticism when the companies providing the platforms are global.

Its neighbor China, in contrast, allows only local internet companies operating under strict rules.

The number of staff compares with the 6,000 reportedly employed by North Korea. However, the general’s comments suggest its force may be focused largely on domestic internet users whereas North Korea is internationally focused because the internet is not available to the public at large.

In August, Vietnam’s president said the country needed to pay greater attention to controlling “news sites and blogs with bad and dangerous content”.

Vietnam, one of the top 10 countries for Facebook users by numbers, has also drafted an internet security bill asking for local placement of Facebook and Google servers, but the bill has been the subject of heated debate at the National Assembly and is still pending assembly approval.

Cyber security firm FireEye Inc said Vietnam had “built up considerable cyber espionage capabilities in a region with relatively weak defenses”.

“Vietnam is certainly not alone. FireEye has observed a proliferation in offensive capabilities … This proliferation has implications for many parties, including governments, journalists, activists and even multinational firms,” a spokesman at FireEye, who requested anonymity, told Reuters.

“Cyber espionage is increasingly attractive to nation states, in part because it can provide access to a significant amount of information with a modest investment, plausible deniability and limited risk,” he added.

Vietnam denies such charges.

Vietnam has in recent months stepped up measures to silence critics. A court last month jailed a blogger for seven years for “conducting propaganda against the state”.

In a separate, similar case last month, a court upheld a 10-year jail sentence for a prominent blogger.

(Reporting by Mi Nguyen in HANOI; Additional reporting by Amy Sawitta Lefevre in BANGKOK and Eric Auchard in FRANKFURT; Editing by Amy Sawitta Lefevre and Nick Macfie)