Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Vietnam. Show all posts
Vietnam
Data Leak Illicit Activity Mobile Security Telegram User Privacy Vietnam

Vietnam Blocks Telegram Messaging App

 

Vietnam's technology ministry has ordered telecommunications service providers to ban the messaging app Telegram for failing to cooperate in the investigation of alleged crimes committed by its users, a move Telegram described as shocking.

In a document dated May 21 and signed by the deputy head of the telecom department at the technology ministry, telecommunications firms were asked to start steps to block Telegram and report back to the ministry by June 2. 

In the document seen by Reuters, the ministry was acting on behalf of the nation's cybersecurity department after police revealed that 68% of Vietnam's 9,600 Telegram channels and groups were breaking the law. They cited drug trafficking, fraud, and "cases suspected of being related to terrorism" as some of the illicit activities conducted through the app. 

According to the document, the ministry requested that telecom companies "deploy solutions and measures to prevent Telegram's activities in Vietnam.” Following the release of the Reuters piece, the government announced the measures against Telegram on its website. 

"Telegram is surprised by those statements. We have responded to legal requests from Vietnam on time. This morning, we received a formal notice from the Authority of Communications regarding a standard service notification procedure required under new telecom regulations. The deadline for the response is May 27, and we are processing the request," the Telegram representative noted. 

According to a technology ministry official, the move was prompted by Telegram's failure to share customer information with the government when requested as part of criminal investigations.

The Vietnamese police and official media have regularly cautioned citizens about potential crimes, frauds, and data breaches on Telegram channels and groups. Telegram, which competes globally with major social networking apps such as Facebook's (META.O), WhatsApp and WeChat, remain available in Vietnam on Friday. 

Vietnam's ruling Communist Party maintains strict media censorship and tolerates minimal opposition. The country has regularly asked firms such as Facebook, Google (GOOGL.O), YouTube, and TikTok to work with authorities to remove "toxic" data, which includes offensive, misleading, and anti-state content. 

According to the document, Telegram has been accused of failing to comply with regulations requiring social media platforms to monitor, remove, and restrict illegal content. "Many groups with tens of thousands of participants were created by opposition and reactionary subjects spreading anti-government documents" based on police information. 

The free-to-use site, which has about 1 billion users globally, has been embroiled in scandals over security and data breaches, particularly in France, where its founder, Pavel Durov, was temporarily detained last year.
Read more »
Vietnam
Cyberattacks GitLab Info Stealer malware MrTonyScam Phishing Attack Python-based Malware Vietnam

MrTonyScam: Python-based Stealers Deployed via Facebook Messenger


A new phishing attack has recently been witnessed in Facebook Messenger where messages are being transferred with malwares attached to them, hailing from a "swarm of fake and hijacked personal accounts" and their aim is accessing targets’ business accounts. 

The attack, referred to as ‘MrTonyScam,’ executes its attacks by sending messages to their targets compelling them to click on their RAR and ZIP archive attachments, and launching a dropper that downloads the subsequent stage from a GitHub or GitLab repository.

Oleg Zaytsev, Guardio Labs researcher states in an analysis published over the weekend, "Originating yet again from a Vietnamese-based group, this campaign uses a tiny compressed file attachment that packs a powerful Python-based stealer dropped in a multi-stage process full of simple yet effective obfuscation methods."

This payload is another archive file with a CMD file inside of it. The CMD file then contains an obfuscated Python-based stealer that exfiltrates all cookies and login information from various web browsers to a Telegram or Discord API endpoint that is under the control of an actor.

A significantly interesting tactic used by the threat actors is how they delete all cookies once they have stolen them in order to block their victims from their own accounts. They further hack the victim’s session with the help of the stolen cookies, changing passwords and thus acquiring complete control. 

Also, there have been speculations that the threat actors are based in Vietnam, considering the presence of Vietnamese language references in the source code of the Python stealer. For instance, there has been the inclusion of ‘Cốc Cốc,’ which is a Chromium-based browser used popularly in Vietnam. 

Guardio Labs discovered that the campaign has experienced a high success rate, with 1 out of 250 victims being estimated to have been infected over the last 30 days alone, despite the fact that the infection needs user input to download a file, unzip it, and execute the attachment.

Among other countries, the United States, Australia, Canada, France, Germany, Indonesia, Japan, Nepal, Spain, the Philippines, and Vietnam have reported the majority of the compromises.

"Facebook Accounts with reputation, seller rating, and high number of followers can be easily monetized on dark markets[…]Those are used to reach a broad audience to spread advertisements as well as more scams," Zaytsev noted.

The aforementioned reveal came in days after WithSecure and Zscaler ThreatLabz reported the newly launched Ducktail and Duckport campaigns that targeted Meta Business and Facebook accounts using ‘malverposting’ tactics.

"The Vietnamese-centric element of these threats and high degree of overlaps in terms of capabilities, infrastructure, and victimology suggests active working relationships between various threat actors, shared tooling and TTPs across these threat groups, or a fractured and service-oriented Vietnamese cybercriminal ecosystem (akin to ransomware-as-a-service model) centered around social media platforms such as Facebook," WithSecure noted.  

Read more »
Vietnam
Backdoor Cybersecurity macOS Vietnam

Experts Discover New macOS Backdoor, Link Attack Campaign to Vietnamese Hackers

 

Cybersecurity experts at Trend Micro found a macOS backdoor, which the experts believe is used by Vietnamese criminal actors named "oceanlotus." Famous as APT32 or "APT-C-00," the backdoor is highly resourced and resolute. Experts say that Ocenlotus targets government agencies and corporate organizations located explicitly in Southeast Asia. At the beginning of 2020, the criminal group launched Covid-19 espionage attack campaigns targeting China. 

After analyzing different C&C domains used by the sample, Trend Micro suggests that organizations not download any suspicious link or open any unknown attachment, keep systems updated, and ensure employee cybersecurity to stay safe. Compared to Oceanlotus' earlier malware variants, the current sample presents correlations in coding and dynamic behavior. The similarity in behavior hints at the sample's link to the criminal group. A file incorporated in the attack campaign shows a Vietnamese name. According to this information, experts believe that the new malware targeted Vietnamese users. 

The new sample pretends to work as a word document, but it is an app packed into a Zip archive in reality. The app uses special characters to avoid detection. According to TrendMicro, the operating system views the app bundle as an unsupported directory. It means that it uses the "open" command is used to administer the file. The cybersecurity experts found two files in the app bundle. A word file that is shown during the execution process and shell script which does malicious tasks routinely. 

According to security week, "the shell script is responsible for deleting the file quarantine attribute for the files in the bundle and for removing the file quarantine attribute of files in the system, copying the Word document to a temp directory and opening it, extracting the second-stage binary and changing its access permissions, then deleting the malware app bundle and the Word document from the system. The second stage payload is responsible for dropping a third-stage payload, creating persistence, changing the timestamp of the sample using the touch command, and deleting itself. Featuring encrypted strings, the third-stage payload contains two main functions: collecting and sending operating system information to the command and control (C&C) servers, receiving additional communication information, and performing backdoor activities."
Read more »
Vietnam
Automobile Cyber Attacks Networks Breached Vietnam

BMW and Hyundai Networks Compromised by Vietnamese Hackers


Hackers allegedly having links to the Vietnamese government have hacked the networks of two leading automobile manufacturers, BMW and Hyundai, according to the recent reports from the German media.

At the same time, eliminating the novelty from the incident, the reports by Bayerische Rundfunk (BR) and Taggesschau (TS) are making claims that around spring this year, the networks of a BMW branch were breached by attackers.

Reports suggest, hackers installed 'Cobalt Strike', a penetration testing toolkit onto the targeted networks; it was employed as a backdoor through which the compromised networks were intruded by attackers.

Supposedly, BMW was acquainted with the attacker's operations and let them continue to penetrate further into their networks. However, the company brought it to an end by putting a restriction onto the illegal access in the last week of November.

According to the findings, the attackers who compromised BMW's networks also no infected South Korean multinational automotive manufacturer, Hyundai. However, no additional information has been provided regarding the Hyundai breach.

The group behind these attacks, Ocean Lotus (APT32) has been in the cybercrime ecosystem since 2014 and is popular for targeting the automobile sector.

Referencing from the reports, "The attack of the alleged Vietnamese hacker group began in the spring of 2019. Last weekend, the automobile company from Munich finally took the computers concerned off the grid. Previously, the group's IT security experts had been monitoring the hackers for months. This is the result of research by the Bayerischer Rundfunk. Also on the South Korean car manufacturer Hyundai, the hackers had it apart."

"The Federal Office for the Protection of the Constitution also follows the hackers of OceanLotus. "The grouping of OceanLotus has already become important, and one should keep an eye on the development, especially because of the target range automotive industry," said a spokeswoman. In the summer, the German Association of the Automotive Industry (VDA) sent an e-mail to its members. The subject was: "Warning message from the Federal Office for the Protection of the Constitution about poscyberattacksttacks (OceanLotus) on German automobile companies." In the e-mail, the BR research, the hacker's procedure is described in detail." The report reads.
Read more »
Subscribe to: Posts (Atom)