How Vietnamese hackers are following China’s lead to steal intellectual property
- Vietnam is part of a growing group of countries – separate to major players such as Russia and China – that are developing and buying cyber capabilities
- Group known as APT32, believed to be linked to Vietnamese government, has targeted auto manufacturers, including Toyota and Hyundai
The automotive industry has been a key target for APT32, according to multiple experts. For example, APT32 created fake domains for Toyota and Hyundai in an attempt to infiltrate the automakers’ networks, according to a researcher familiar with the matter who requested anonymity discussing companies. In March, Toyota discovered it was targeted in Vietnam and Thailand and through a subsidiary – Toyota Tokyo Sales Holdings – in Japan, according to spokesman Brian Lyons. A Toyota official, who requested anonymity discussing the hacking group, confirmed that APT32 was responsible.
Vietnam has also targeted American businesses relevant to Vietnam’s economy, including the consumer products industry, for years, according to experts.
“What’s changed more recently, and this is consistent with broader trends in the cyber threat actor landscape, is that they are getting better and better at it,” said Andrew Grotto, a fellow at Stanford University who served as the senior director for cybersecurity policy on the National Security Council from late 2015 to mid-2017. “They’re becoming more adept at developing their own tools, while at the same time tapping the global malware market for commercial tools.”
The uptick in Vietnam’s economic espionage activity, which began in 2012 and has spiked since 2018 according to CrowdStrike, comes as the Trump administration seeks to curb what many believe has been rampant intellectual property theft by China – former National Security Agency Director Keith Alexander, who served under presidents Barack Obama and George W. Bush, has called it the “greatest transfer of wealth in history”.