Cyberlands.io - API Penetration Testing

Top 10 Cybersecurity Breaches in Vietnam

Learn about the state of cybersecurity in Vietnam and the 10 biggest breaches in this country.
Vietnam is moving toward e-Government, and its digitalization journey is going exceptionally well. Citizens are getting accustomed to ordering and paying online and booking appointments online.

The government is moving forward with cybersecurity as well; it is the country's top priority at the moment. They realize that they need to earn people's trust to get them online. They have made quite good progress too: in 2017 and 2018, they ranked 50th out of 154 countries in the Global Cybersecurity Index (GCI), and in 2020 they reached 25th place. They continuously issue new laws to make their online space as secure as possible.

Yet trouble still happens. Let's take a look at the top 10 cybersecurity breaches in Vietnam.
#1 Vietnamese Crypto Trading Platform ONUS Loses Nearly 2 Million Customer Records
ONUS is one of the largest Vietnamese crypto trading platforms; it gained 1.5 million users in just 18 months. Their main aim is to make trading easy, even for newbies, and that is why they gained so much traction.

However, they suffered a cybersecurity incident in 2021. It was a ransomware attack, and the hackers asked for $5 million. The company declined, and the hackers put the data of nearly 2 million customers up for sale online. It included identification documents and proofs from the customers, personal information, and hashed passwords.

The attack became possible because of the notorious Log4Shell vulnerability. It was fully explained on GitHub, and the hackers used it to attack many businesses. ONUS became one of them: their server running Cyclos, a point-of-sale (POS) and payment software provider, was compromised first. The hackers managed to implant backdoors and exploit them fully to enter the entire system. Cyclos did inform the company about the possible breach and ONUS reacted immediately, but there was not enough time. Improper access control on Amazon S3 buckets allowed the attackers to move forward freely.

The company later sent a statement to its users in which they apologized, expressed their hope for understanding, and promised to do better. They have since fixed their previous mistakes.
#2 Hackers Got Access to 30 Million Vietnamese People's School Records
In 2022, Vietnam faced one of its biggest recent breaches. The hacker attacked "a famous Vietnamese school website" and claimed to have obtained 30 million records. The records included username, email, phone number, full name, date of birth, school, and address.

The hacker put the data up for sale – they wanted $3,500 for it. Part of the leaked data was shared publicly: they showed 70 people, most of them teachers, to prove that the data was accurate.

The number is impressive since it is one-third of the population of Vietnam. The hacker said the information can be valuable for marketing and stealing. If the scale of their attack is true, it is going to be one of the biggest breaches in the history of the country.
#3 Tech Firm iSofH Leaked 12 Million Sensitive Patient Records
iSofH is a Vietnamese company that provides healthcare information management solutions. Their software for electronic health records and hospital management is used by 18 medical facilities, including eight top-tier clinics.

In 2020, researchers found that one of their cloud servers was left publicly exposed without encryption or password protection. Anyone could access 12 million patient records through it without difficulty. The records included full names and dates of birth, postal and email addresses, phone numbers, passport details, credit card numbers, medical records, and recent test results and diagnoses. Three days after the discovery, the channel was attacked by the Meow bot, which deleted some information.

The company did not take it seriously, even though this data can be used for phishing campaigns, identity theft, or more sophisticated attacks.
#4 Vietnam Maritime Bank Leaks 2 Million Accounts
Maritime Bank (MSB) provides commercial and retail banking products and services in Vietnam. It is one of the online banking solutions that became extremely popular in Vietnam in recent years.

In 2019, a hacker posted on RaidForums that they had obtained access to more than 2 million Maritime Bank accounts and were going to get even more data soon. The records included the full name, identity card number, telephone number, home address, date of birth, gender, email, and occupation of the customers. The data samples were proven to be accurate. Moreover, the data also included accounts from other banks.

Experts say that it could have been an attack or a leak from one of the employees. The authorities contacted the forum to have the data deleted. They also worked with the police to investigate the incident.
#5 Vietnam's Mobile World Group Leaks Data of 5.4 Million Customers
MWG (Mobile World Group) is Vietnam's largest mobile device and consumer electronics retailer. The company has several retail chains, Thegioididong.com being one of them. The chain specializes in the retail sale of digital products including mobile phones, tablets, laptops, and accessories for these products.

In 2018, it was hit by a massive hack that left 5.4 million customers exposed. The leaked records included their email addresses, and the credit card numbers of 31,000 customers were up for sale as well. The information was posted on RaidForums, and experts believe that the hacker has more. Later, the hacker also put up 61,000 addresses of the chain's employees.

The group claims that it did not experience a breach and that it does not store credit card information. At the same time, several users have recognized their cards and transactional information.
#6 Nearly 10,000 Vietnamese IDs Leaked
In 2021, a user on RaidForums announced a leak of a 17 GB data package. It included name, date of birth, avatar, address, email, phone number, identity card number, and photos of the front and back of the identity cards.

The hacker offered the data for $9,000; the price later dropped to $4,300. The data also contained selfies. Paired with ID cards, they can be used for identity theft online.

The police confirmed the case. However, they do not know the source of the leak, since many institutions ask for this kind of information. They also said that the number was not that big. Still, it became a source of serious concern about data and identity safety in the country.
#7 Vietnam Airlines Hacked by a Chinese Group
Vietnam Airlines is the country's national carrier and has been attacked numerous times. The most significant incident happened back in 2016, when data was breached and the computer systems of two major airports went down.

The Chinese group, 1937cn, was behind the attack. They controlled audio and screen systems at Tan Son Nhat and Noi Bai, the two biggest airports in Vietnam, and modified them to spread offensive messages about the South China Sea, Vietnam, and the Philippines.

They also stole and sold information of 400,000 Golden Lotus customers, meaning they got into the loyalty program information as well. It included names, birthdates, addresses, and bank card details.

They used malware that breaks into computers and disguises itself as anti-virus software so that it can hide for a long time without being detected. The program entered deep into the systems and was able to collect accounts and passwords, receive commands from hackers to control computers remotely, delete traces, change audio files, display information on screen systems, encrypt data, and manipulate SQL databases.

The system could have been better protected, though: anti-malware for this kind of attack existed at the time. The company also should not have stored bank cards tied to account information.
#8 A Delivery Company Giao Hang Tiet Kiem Leaks All of Its Data
Giao Hang Tiet Kiem is a popular Vietnamese delivery company: it has more than 1,000 branches across the country, and 20,000 shippers are operating continuously within the company.

The delivery service leaked 4 GB of its source code, which can be compared to handing a bank robber the key. The hacker found a vulnerability that allowed them to download it all and trade it with other hackers, as well as edit or change the code. The company stored such information as names, phone numbers, shipping addresses, passwords, etc.

The vulnerability was fixed. The problem was either a negligent DevOps configuration by the programmer or system administrator, or a weak password.
#9 A Breach of a Game Publisher VNG Affected 163 Million Gaming Accounts
VNG is one of the four main game publishers in Vietnam. However, it also works with platforms, digital payments, and cloud services. It has become Vietnam's first unicorn start-up.

In 2015, they suffered a massive data breach that exposed 163 million gaming accounts, including account usernames, passwords, e-mail addresses, phone numbers, full names, dates of birth, IP addresses, and city and country of residence.

The information was offered for sale on RaidForums. The file totals 7.55 gigabytes in size. The company apologized in 2018, revealing the breach. They said that the majority of breached accounts had not been used in over a year and that the breach affected only gaming accounts, while cloud services and digital payments stayed intact. They also claimed to have fixed their issues since then.
#10 The Hacking Group Ocean Lotus Targets Vietnamese Activists
Quite often hacking in Vietnam has a political nature: sometimes it comes from other countries like China, and sometimes the country targets its own citizens.

The hacking group Ocean Lotus is targeting activists in the country and reportedly has a link to the Vietnamese government. They are using spyware and phishing emails with an "important" attachment. The victims of the attacks are pro-democracy activist Bui Thanh Hieu and another blogger in Vietnam, who is not named due to security concerns. Some of the activist groups had to seek refuge in another country, and they are still targeted outside Vietnam by the same group.

This highlights how hacking can be used for a variety of reasons, and that corporations and governmental structures are not the only ones who need to take care of their cybersecurity. NGOs, activists, and individuals can become targets of hackers too, so they need protection as well.
Conclusion
Even though Vietnamese companies have their problems, the country sees them and strives to fix them. Both private and governmental entities work towards better cybersecurity, and their effort pays off, judging from the ranking.

Yet some companies still do not consider cyberattacks serious threats and do not see the need to work on their security. It is important to note that every company is likely to suffer a breach; it is your response that can save your business. Some companies are yet to realize it.
Cyberlands.io Team