• Advertise
  • Contact Us
  • About Us
  • Supplier Directory
  • SCB YouTube
  • Login
  • Subscribe
  • Logout
  • My Profile
  • LOGISTICS
    • Air Cargo
    • All Logistics
    • Express/Small Shipments
    • Facility Location Planning
    • Freight Forwarding/Customs Brokerage
    • Global Gateways
    • Global Logistics
    • Last Mile Delivery
    • Logistics Outsourcing
    • LTL/Truckload Services
    • Ocean Transportation
    • Rail & Intermodal
    • Reverse Logistics
    • Service Parts Management
    • Transportation & Distribution
  • TECHNOLOGY
    • All Technology
    • Artificial Intelligence
    • Cloud & On-Demand Systems
    • Data Management (Big Data/IoT/Blockchain)
    • ERP & Enterprise Systems
    • Forecasting & Demand Planning
    • Global Trade Management
    • Inventory Planning/ Optimization
    • Product Lifecycle Management
    • Sales & Operations Planning
    • SC Finance & Revenue Management
    • SC Planning & Optimization
    • Sourcing/Procurement/SRM
    • Supply Chain Visibility
    • Transportation Management
  • GENERAL SCM
    • Business Strategy Alignment
    • Education & Professional Development
    • Global Supply Chain Management
    • Global Trade & Economics
    • HR & Labor Management
    • Quality & Metrics
    • Regulation & Compliance
    • SC Security & Risk Mgmt
    • Supply Chains in Crisis
    • Sustainability & Corporate Social Responsibility
  • WAREHOUSING
    • All Warehouse Services
    • Conveyors & Sortation
    • Lift Trucks & AGVs
    • Order Fulfillment
    • Packaging
    • RFID, Barcode, Mobility & Voice
    • Robotics
    • Warehouse Management Systems
  • INDUSTRIES
    • Aerospace & Defense
    • Apparel
    • Automotive
    • Chemicals & Energy
    • Consumer Packaged Goods
    • E-Commerce/Omni-Channel
    • Food & Beverage
    • Healthcare
    • High-Tech/Electronics
    • Industrial Manufacturing
    • Pharmaceutical/Biotech
    • Retail
  • THINK TANK
  • WEBINARS
    • On-Demand Webinars
    • Upcoming Webinars
    • Webinar Library
  • PODCASTS
  • VIDEOS
  • WHITEPAPERS
Home » Vietnam-Linked Hacking Group Targets Toyota, Other Companies

Vietnam-Linked Hacking Group Targets Toyota, Other Companies

Toyota
Photo: Bloomberg
December 27, 2019
Bloomberg

A Vietnam-based hacking group is learning from China’s playbook, using increasingly sophisticated cyberattacks to spy on competitors and help Vietnam catch up to global competitors, according to cybersecurity experts.

In the last two years, the group, which is believed to be tied to the Vietnamese government and known as APT32, has ramped up its cyber-espionage, particularly in southeast Asia, according to the cybersecurity firm CrowdStrike Inc. The hacking group’s exploits have included intellectual property theft, the firm said, the same activity for which Chinese hackers are infamous.

The automotive industry has been a key target for APT32, according to multiple experts. For example, APT32 created fake domains for Toyota Motor Corp. and Hyundai Motor Co. in an attempt to infiltrate the automakers’ networks, according to a researcher familiar with the matter who requested anonymity discussing companies. In March, Toyota discovered that it was targeted in Vietnam and Thailand and through a subsidiary — Toyota Tokyo Sales Holdings Inc — in Japan, according to spokesman Brian Lyons. A Toyota official, who requested anonymity discussing the hacking group, confirmed that APT32 was responsible.

Vietnam has also targeted American businesses relevant to Vietnam’s economy, including the consumer products industry, for years, according to experts. “What’s changed more recently, and this is consistent with broader trends in the cyberthreat actor landscape, is that they are getting better and better at it,” said Andrew Grotto, a fellow at Stanford University who served as the senior director for cybersecurity policy on the National Security Council from late 2015 to mid-2017. “They’re becoming more adept at developing their own tools, while at the same time tapping the global malware market for commercial tools.”

The uptick in Vietnam’s economic espionage activity, which began in 2012 and has spiked since 2018 according to CrowdStrike, comes as the Trump administration seeks to curb what many believe has been rampant intellectual property theft by China — former National Security Agency Director Keith Alexander, who served under Presidents Barack Obama and George W. Bush, has called it the “greatest transfer of wealth in history.”

Competitive Edge

The Vietnamese hackers have emulated some of China’s cyber methods, albeit on a significantly smaller scale, the experts said.

Vietnamese government hackers have likely “seen how successful the Chinese have been at building cyber-espionage capabilities and cybersurveillance capabilities,” according to Eric Rosenbach, co-director of the Belfer Center for Science and International Affairs at the Harvard Kennedy School and a former assistant secretary of defense for global security under Obama. As a result, they may be building out or purchasing their own capabilities “either for economic interests or outright theft of intellectual property,” he said.

The Vietnamese foreign ministry and Vietnamese embassy in Washington didn’t respond to requests for comment. A government spokeswoman previously said allegations that state-aligned hackers targeted foreign carmakers were “unfounded.” A representative for the U.S. State Department declined to comment on allegations about economic espionage by Vietnam.

A Hyundai representative didn’t comment on whether it had been targeted by the Vietnamese hacking group, but said that the company “promptly detects and responds to the events of its IT securities.”

Vietnam is part of a growing group of countries — outside of major cyberplayers such as Russia and China — that are developing and buying cyber capabilities, according to former government officials.

“One of the trends that we tracked when I was in the White House was both the broadening of the number of countries that had active cyber programs,” said Michael Daniel, who served as the cybersecurity coordinator on the National Security Council under Obama and is now president and chief executive officer of the non-profit group Cyber Threat Alliance. “The ones that have been investing in cyber like Vietnam are continuing to grow in capability.”

Cybersecurity experts offered different, and sometimes conflicting, reasons to explain the hacking group’s activities, from stealing intellectual property to improve Vietnamese products to gaining a competitive edge in negotiations to ensuring foreign corporations are complying with national regulations.

Ocean Lotus

The cybersecurity firm FireEye Inc. has been tracking APT32 — which is also known as Ocean Lotus and Ocean Buffalo — since 2012, according to Nick Carr, a director at the firm. In 2017, his team investigated a series of hacks in the U.S., Germany and multiple countries in Asia and found that the group had spent at least three years targeting foreign governments, journalists, dissidents and “foreign corporations with a vested interest in Vietnam’s manufacturing, consumer products and hospitality sectors.”

“APT32 leverages a unique suite of fully-featured malware, in conjunction with commercially-available tools, to conduct targeted operations that are aligned with Vietnamese state interests,” FireEye reported.

Ongoing tactics by APT32 appear to include registering domains that resemble car companies — a move which can precede phishing attacks, in which credentials are stolen by hackers in order to access internal networks, said John Hultquist, FireEye’s director of intelligence analysis.

“Most recently, we’ve seen suspected APT32 domain registration activity designed to resemble automotive firms,” Hultquist said. “This ongoing registration activity affirms APT32’s continuing interest in foreign automakers doing business in Vietnam.”

APT32 recently used Facebook to target individuals who are active in Vietnamese politics, according to the Slovakia-based cybersecurity firm Eset. In this attack, APT32 hackers sent Facebook messages, or Facebook pages, containing what appeared to be a photo album. When victims scrolled through the album, one of the many photos was in fact a malicious document that installed malware on the computer, said Marc-Etienne M.Léveillé, a researcher at the firm.

Targeting dissidents has been part of a broad surveillance campaign that has included hacking into websites popular with politically active citizens and then using those sites to track them and collect information, said Steven Adair, founder of the cybersecurity firm Volexity, Inc. APT32 conducted “a very sophisticated and extremely widespread mass digital surveillance and attack campaign” targeting Asian countries, the media, groups associated with human rights and civil society as well as the Association of Southeast Asian Nations, Volexity reported.

Mini-China Story

While Vietnamese hacking of corporations appears to be on the rise, FireEye has seen a major decline in China’s IP theft against corporations — even as the U.S. trade talks with China have emphasized negotiating an end to it. “From China’s perspective, we’ve definitely seen a massive drop off of that,” said Hultquist of FireEye.

But Vietnam is at a significantly earlier stage in development and, like China did years ago, has turned to cyber-espionage as a means of becoming more competitive, said Adam Meyers, CrowdStrike’s vice president of intelligence. “This is kind of like a mini-China story,” he said.

RELATED CONTENT

RELATED VIDEOS

Data Management (Big Data/IoT/Blockchain) Technology Regulation & Compliance Supply Chain Security & Risk Mgmt Automotive Consumer Packaged Goods
KEYWORDS Asia Pacific Automotive consumer packaged goods Regulation & Compliance SC Security & Risk Mgmt
Bloomberg

Bombardier CEO Sees Blue Skies and Less Debt After Major Overhaul

More from this author

Subscribe to our Daily Newsletter!

Timely, incisive articles delivered directly to your inbox.

Popular Stories

  • karen-jones.jpg

    Watch: Four Industry Disrupters Impacting Logistics

    Data Management (Big Data/IoT/Blockchain)
  • THE SPACE AROUND A COMPUTER KEYBOARD IS CLUSTERED WITH IMAGES GENERIC SHIPPING BOXES

    How Suppliers Can Overcome E-Commerce Supply Chain Challenges

    Data Management (Big Data/IoT/Blockchain)
  • A SEATED PERSON HOLDS A SMARTPHONE, SHOPPING

    Retail Consumer Data: The Key to Personalization, or Privacy Violation?

    Regulation & Compliance
  • TWO MEN IN SUITS ENGAGE IN CONVERSATION ACROSS A COFFEE TABLE HOLDING AN OPEN LAPTOPIN AN OFFICE

    For Shippers, Disruption Means Opportunity to Rethink Carrier Strategy

    LTL/Truckload Services
  • A BLUE AND WHITE JET BLUE PLANE FLIES ABOVE A YELLOW SPIRIT PLANE ON THE TARMAC OF AN AIRPORT

    Biden’s Antitrust Push Across Agencies Is Working to Block Deals

    Air Cargo

Digital Edition

Scb q1 2023 cover

2023 Supply Chain Management Resource Guide: Packing for a Difficult Year

VIEW THE LATEST ISSUE

Case Studies

  • New Revenue for Cloud-Based TMS that Embeds Orderful’s Modern EDI Platform

  • Convenience Store Client Maximizes Profit and Improves Customer Service

  • A Digitally Native Footwear Brand Finds Rapid Fulfillment

  • Expanding Apparel Brand Scales Seamlessly with E-Commerce Technology

  • How a Global LSP Scaled its Security Program and Won More Business

Visit Our Sponsors

Orderful Yang Ming Alithya
Barcoding Blue Yonder BNSF Logistics
CoEnterprise Data Capture Deposco
E2open GAINSystems Generix
Geodis GEP GreyOrange
Here Holman Logistics Honeywell Intelligrated
IFM Infor Inmar
Keelvar Kinaxis Korber
Lean Solutions Group 2H Liberty SBF Locus Robotics
Logility LogistiVIEW Lucas Systems
MCA Connect MPO Nvidia
Old Dominion OpenText ORTEC
Overhaul Parsyl PMMI
QIMA Redwood Logistics Ryder E-commerce by Whiplash
Saddle Creek Logistics Schneider Dedicated Setlog Holding AG
Ship4WD Shipwell Shyft
Sourcemap Tecsys TGW Systems
Thomson Reuters Tive Trailer Bridge
Vecna Robotics Verity
Verusen
  • More From SCB
    • Featured Content
    • Video Library
    • Think Tank Blog
    • SupplyChainBrain Podcast
    • Whitepapers
    • On-Demand Webinars
    • Upcoming Webinars
  • Digital Offerings
    • Digital Issue
    • Subscribe
    • Manage Your Subscription
    • Newsletters
  • Resources
    • Events Calendar
    • SCB's Great Supply Chain Partners
    • Supplier Directory
    • Case Study Showcase
    • Supply Chain Innovation Awards
    • 100 Great Partners Form
  • SCB Corporate
    • Advertise on SCB.COM
    • About Us
    • Privacy Policy
    • Contact Us
    • Data Sharing Opt-Out

All content copyright ©2023 Keller International Publishing Corp All rights reserved. No reproduction, transmission or display is permitted without the written permissions of Keller International Publishing Corp

Design, CMS, Hosting & Web Development :: ePublishing