Small Countries’ New Weapon Against Goliaths: Hacking
FireEye, a company that deals with large network breaches, said it had watched a Vietnamese group known as OceanLotus target foreign companies since at least 2014. Credit Beck Diefenbach/ReutersPhoto by: Beck Diefenbach/Reuters
In a 2014 blog post, the Electronic Frontier Foundation, a nonprofit advocacy group in California, documented what it said appeared to be a state-affiliated Vietnamese hacking operation that had targeted a range of people critical of the government, including an Associated Press reporter in Vietnam and a pro-democracy blogger in California. FireEye said OceanLotus employed a similar type of email phishing, using messages to bait victims into downloading malicious software or turning over their user names and passwords.
“More and more companies have to hire experts and train the staff to understand the security risks that are part of their everyday working routine,” said Amanuel Flobbe, the chairman of the Information and Communications Technology Sector Committee at the European Chamber of Commerce in Vietnam.
Digital security experts say private-sector cybercriminals or activists are responsible for much of the hacking in Southeast Asia. But FireEye said OceanLotus was notable because it appeared to be state-sponsored and used some unique malware that was not commercially available.
Mr. Wellsmore said state-sponsored hacking groups in Asia were increasingly using multimillion-dollar tools to achieve their goals.
“That sort of level of sophistication is generally nation-state-sponsored,” he said, “because they’re the ones that have that strategic interest and are willing to invest that sort of money.”