Security News

Vietnamese Hacker Group Deploys New PXA Stealer Targeting Europe and Asia
2024-11-15 11:12

A Vietnamese-speaking threat actor has been linked to an information-stealing campaign targeting government and education entities in Europe and Asia with a new Python-based malware called PXA...

Vietnamese Human Rights Group Targeted in Multi-Year Cyberattack by APT32
2024-08-29 16:15

A non-profit supporting Vietnamese human rights has been the target of a multi-year campaign designed to deliver a variety of malware on compromised hosts. Cybersecurity company Huntress...

4 FIN9-linked Vietnamese Hackers Indicted in $71M U.S. Cybercrime Spree
2024-06-25 03:52

Four Vietnamese nationals with ties to the FIN9 cybercrime group have been indicted in the U.S. for their involvement in a series of computer intrusions that caused over $71 million in losses to...

Vietnamese Hackers Using New Delphi-Powered Malware to Target Indian Marketers
2023-11-14 08:03

The Vietnamese threat actors behind the Ducktail stealer malware have been linked to a new campaign that ran between March and early October 2023, targeting marketing professionals in India with an aim to hijack Facebook business accounts. Ducktail, alongside Duckport and NodeStealer, is part of a cybercrime ecosystem operating out of Vietnam, with the attackers primarily using sponsored ads on Facebook to propagate malicious ads and deploy malware capable of plundering victims' login cookies and ultimately taking control of their accounts.

Vietnamese Hackers Target U.K., U.S., and India with DarkGate Malware
2023-10-20 13:28

Attacks leveraging the DarkGate commodity malware targeting entities in the U.K., the U.S., and India have been linked to Vietnamese actors associated with the use of the infamous Ducktail...

Researchers uncover DarkGate malware’s Vietnamese connection
2023-10-20 10:58

WithSecure researchers have tracked attacks using DarkGate malware to an active cluster of cybercriminals operating out of Vietnam. DarkGate is a remote access trojan that has been used in attacks since at least 2018 and is currently available to cybercriminals as Malware-as-a-Service.

GoldDigger Android trojan targets Vietnamese banking apps, code contains hints of wider targets
2023-10-06 01:06

Singapore-based infosec outfit Group-IB on Thursday released details of a new Android trojan that exploits the operating system's accessibility features to steal info that enables theft of personal information. The security research outfit wrote that the trojan, named GoldDigger, currently targets Vietnamese banking apps - but includes code suggesting its developers plan wider attacks.

Vietnamese Hackers Deploy Python-Based Stealer via Facebook Messenger
2023-09-11 14:22

A new phishing attack is leveraging Facebook Messenger to propagate messages with malicious attachments from a "Swarm of fake and hijacked personal accounts" with the ultimate goal of taking over the targets' accounts. "Originating yet again from a Vietnamese-based group, this campaign uses a tiny compressed file attachment that packs a powerful Python-based stealer dropped in a multi-stage process full of simple yet effective obfuscation methods," Guardio Labs researcher Oleg Zaytsev said in an analysis published over the weekend.

Vietnamese Cybercriminals Targeting Facebook Business Accounts with Malvertising
2023-09-04 08:40

"And with businesses now leveraging the reach of social media for advertising, attackers have a new, highly-lucrative type of attack to add to their arsenal - hijacking business accounts." Cyber attacks targeting Meta Business and Facebook accounts have gained popularity over the past year, courtesy of activity clusters such as Ducktail and NodeStealer that are known to raid businesses and individuals operating on Facebook.

New SPECTRALVIPER Backdoor Targeting Vietnamese Public Companies
2023-06-10 12:04

Vietnamese public companies have been targeted as part of an ongoing campaign that deploys a novel backdoor called SPECTRALVIPER. "SPECTRALVIPER is a heavily obfuscated, previously undisclosed, x64 backdoor that brings PE loading and injection, file upload and download, file and directory manipulation, and token impersonation capabilities," Elastic Security Labs said in a Friday report. The attacks have been attributed to an actor it tracks as REF2754, which overlaps with a Vietnamese threat group known as APT32, Canvas Cyclone, Cobalt Kitty, and OceanLotus.