bodyType

customContents

entityId

printArticlePageQuery

filter

article

body

urlAlias

articleSectionsContent

articleSeoArticle

articleSourceHeaderArticle

contentSchemaRenderContent

contentSubHeadlineContent

contentHeadlineContent

mainImagePrintArticleArticle

authorBlockPrintArticleArticle

contentSponsorTagContent

articlePianoPaywallContent

scmpYoutubeContent

hooksTrackPageViewArticle

query printArticlePageQuery(
  $entityId: String!
  $customContents: [CustomContentInput]
  $bodyType: BodyFormatTypeEnum
) {
  article(filter: {entityId: $entityId}) {
    entityId
    body(customContents: $customContents, type: $bodyType) {
      json
    }
    urlAlias
    ...articleSectionsContent
    ...articleSeoArticle_3o8td4
    ...articleSourceHeaderArticle
    ...contentSchemaRenderContent
    ...contentSubHeadlineContent
    ...contentHeadlineContent
    ...mainImagePrintArticleArticle
    ...authorBlockPrintArticleArticle
    ...contentSponsorTagContent
    ...articlePianoPaywallContent
    ...scmpYoutubeContent
    ...hooksTrackPageViewArticle
    id
  }
}

fragment articlePianoPaywallContent on Content {
  __isContent: __typename
  ...hooksPaywallPromiseContent
}

fragment articleSectionsContent on Content {
  __isContent: __typename
  sections {
    value {
      ...helpersCheckIfNewsSectionInFirstIndexSection
      ...entityLink
      name
      id
    }
  }
}

fragment articleSeoArticle_3o8td4 on Article {
  ...hooksArticleSeoArticle
  ...helpersCheckIsPostiesArticle
  ...helpersGetArticleTypeArticle
  entityId
  publishedDate
  updatedDate
  summary {
    text
  }
  subHeadline {
    text
  }
  body(customContents: $customContents, type: $bodyType) {
    text
  }
  keywords
  sections {
    value {
      name
      id
    }
  }
  topics {
    name
    entityId
    id
  }
  urlAlias
  authors {
    name
    id
  }
  images {
    style(filter: {style: "768x768"}) {
      url
    }
  }
  readingTime
}

fragment articleSourceHeaderArticle on Article {
  urlAlias
  ...entityLink
}

fragment authorBlockPrintArticleArticle on Article {
  ...defaultArticleDateContent
  ...authorNamesArticle
}

fragment authorNameAuthor on Author {
  ...entityLink
  name
  entityUuid
}

fragment authorNamesArticle on Article {
  authorLocations
  authors {
    entityId
    location
    ...authorNameAuthor
    id
  }
}

fragment blockquoteQuoteContent on Content {
  __isContent: __typename
  ...contentShareWidgetContent
}

fragment checkersCheckContentContainsStarlingImageContent on Content {
  __isContent: __typename
  topics {
    entityId
    id
  }
}

fragment contentHeadlineContent on Content {
  __isContent: __typename
  headline
  socialHeadline
  ...contentHeadlineTagContent
  ...helpersUseContentSponsorContent
}

fragment contentHeadlineTagContent on Content {
  __isContent: __typename
  ...hooksContentHeadlineTagContent
}

fragment contentNewsletterWidgetContent on Content {
  __isContent: __typename
  topics {
    relatedNewsletters {
      ...helpersMassageToNewsletterItemNewsletter
      id
    }
    id
  }
  sections {
    value {
      relatedNewsletters {
        ...helpersMassageToNewsletterItemNewsletter
        id
      }
      id
    }
  }
  ... on Article {
    relatedNewsletters {
      ...helpersMassageToNewsletterItemNewsletter
      id
    }
  }
}

fragment contentSchemaRenderContent on Content {
  __isContent: __typename
  ...blockquoteQuoteContent
  ...imageContent
  ...inlineWidgetContent
  ...photoGalleryWidgetContent
  ...scmpYoutubeContent
}

fragment contentShareWidgetContent on Content {
  __isContent: __typename
  entityId
  urlAlias
  shortUrl
  socialHeadline
  headline
}

fragment contentSponsorTagContent on Content {
  __isContent: __typename
  ...helpersUseContentSponsorContent
}

fragment contentSubHeadlineContent on Content {
  __isContent: __typename
  subHeadline {
    json
  }
  summary {
    json
  }
  ...contentSchemaRenderContent
}

fragment defaultArticleDateContent on Content {
  __isContent: __typename
  ...hooksArticleDateUtilsContent
}

fragment entityLink on BaseWithApplicationAndUrlAlias {
  __isBaseWithApplicationAndUrlAlias: __typename
  __typename
  entityId
  entityUuid
  urlAlias
  urlRedirect {
    toUrl
    id
  }
  application {
    entityId
    id
  }
  ... on Section {
    fullSectionPath {
      entityId
      id
    }
    parentSection
  }
  ...helpersAppBarVariantBase
  ...helpersApplicationBase
  ...helpersCheckIsPlusArticle
  ...helpersStyleSectionContent
}

fragment helpersAppBarVariantBase on BaseWithApplicationAndUrlAlias {
  __isBaseWithApplicationAndUrlAlias: __typename
  ...helpersCheckIsLiveArticle
  ...helpersCheckIsPlusPage
  ...helpersCheckIsPostiesArticle
  ...helpersCheckIsPostiesPage
  ...helpersCheckIsPostMagazineArticle
  ...helpersCheckIsStyleArticle
  ...helpersSectionContent
  ...helpersStyleSectionContent
}

fragment helpersApplicationBase on BaseWithApplicationAndUrlAlias {
  __isBaseWithApplicationAndUrlAlias: __typename
  ...helpersCheckIsPostiesArticle
  ...helpersCheckIsPostiesPage
  ...helpersCheckIsPlusPage
}

fragment helpersCheckIfNewsSectionInFirstIndexSection on Section {
  name
}

fragment helpersCheckIsAmpEnabledArticle on Article {
  entityId
  types {
    value {
      entityId
      id
    }
  }
  sections {
    value {
      entityId
      id
    }
  }
  disableOffPlatformContent
  sponsorType
  published
  ...helpersCheckIsPlusArticle
  ...helpersCheckIsPostiesArticle
}

fragment helpersCheckIsLiveArticle on Article {
  flattenTypeIds
  liveArticle {
    status
    id
  }
}

fragment helpersCheckIsMainTopicContent on Content {
  __isContent: __typename
  topics {
    entityId
    id
  }
}

fragment helpersCheckIsPlusArticle on Content {
  __isContent: __typename
  ... on Article {
    paywallTypes {
      entityUuid
      id
    }
  }
}

fragment helpersCheckIsPlusPage on Page {
  urlAlias
}

fragment helpersCheckIsPostMagazineArticle on Article {
  sections {
    value {
      entityId
      id
    }
  }
}

fragment helpersCheckIsPostiesArticle on Article {
  sections {
    value {
      entityId
      id
    }
  }
}

fragment helpersCheckIsPostiesPage on Page {
  urlAlias
}

fragment helpersCheckIsStyleArticle on Content {
  __isContent: __typename
  sections {
    value {
      entityId
      id
    }
  }
}

fragment helpersGetArticleTypeArticle on Content {
  __isContent: __typename
  ... on Article {
    types {
      value {
        entityId
        id
      }
    }
  }
}

fragment helpersMassageToNewsletterItemNewsletter on Newsletter {
  entityId
  name
  alternativeName
  description {
    text
  }
  summary {
    text
  }
  homepageDescription {
    text
  }
}

fragment helpersSanitizeArticleTypeEntityIdsArticle on Article {
  types {
    value {
      entityId
      id
    }
  }
}

fragment helpersSanitizeAuthorTypesArticle on Article {
  authors {
    types
    id
  }
}

fragment helpersSanitizedAuthorEntityIdsArticle on Article {
  authors {
    entityId
    id
  }
}

fragment helpersSectionContent on Section {
  fullSectionPath {
    entityId
    id
  }
}

fragment helpersStyleSectionContent on Section {
  fullSectionPath {
    entityId
    id
  }
}

fragment helpersUseContentSponsorContent on Content {
  __isContent: __typename
  topics {
    entityId
    sponsor {
      ...sponsorTagSponsor
      name
      type
      id
    }
    id
  }
  ... on Article {
    sponsorType
  }
  ...helpersCheckIsMainTopicContent
}

fragment hooksArticleDateUtilsContent on Content {
  __isContent: __typename
  createdDate
  publishedDate
  updatedDate
}

fragment hooksArticleSeoArticle on Article {
  ...helpersCheckIsPostiesArticle
  ...helpersCheckIsPostMagazineArticle
  ...helpersCheckIsStyleArticle
  ...hooksContentHeadlineTagContent
  ...helpersCheckIsAmpEnabledArticle
  entityId
  headline
  socialHeadline
  types {
    value {
      entityId
      id
    }
  }
  authors {
    entityId
    id
  }
  images {
    generic_og: style(filter: {style: "og_image_scmp_generic"}) {
      url
    }
    styles(filter: {styles: ["og_image_posties_article", "og_postmag", "og_image_style", "og_image_scmp_analysis", "og_image_scmp_explainer", "og_image_scmp_editorial", "og_image_scmp_fact_check", "og_image_scmp_debate", "og_image_scmp_live", "og_image_scmp_obituary", "og_image_scmp_opinion", "og_image_scmp_review", "og_image_scmp_series", "og_image_scmp_generic"]}) {
      url
      style
    }
    type
  }
  urlAlias
}

fragment hooksContentHeadlineTagContent on Content {
  __isContent: __typename
  __typename
  ... on Article {
    types {
      value {
        name
        entityId
        description {
          text
        }
        id
      }
    }
    ...helpersCheckIsStyleArticle
  }
  flag
  sections {
    value {
      name
      id
    }
  }
  ...hooksContentHelperContent
}

fragment hooksContentHelperContent on Content {
  __isContent: __typename
  ...helpersSanitizeArticleTypeEntityIdsArticle
  ...helpersSanitizeAuthorTypesArticle
  ...helpersSanitizedAuthorEntityIdsArticle
  flag
}

fragment hooksPaywallPromiseContent on Content {
  __isContent: __typename
  entityId
  ...helpersCheckIsPostiesArticle
}

fragment hooksTrackPageViewArticle on Article {
  entityId
  publishedDate
  headline
  sections {
    value {
      name
      id
    }
  }
  urlAlias
  authors {
    name
    id
  }
  entityUuid
}

fragment imageContent on Content {
  __isContent: __typename
  headline
  ...checkersCheckContentContainsStarlingImageContent
}

fragment inlineWidgetContent on Content {
  __isContent: __typename
  ...contentNewsletterWidgetContent
}

fragment mainImagePrintArticleArticle on Article {
  images {
    title
    url
    isSlideshow
    size_652x446: style(filter: {style: "652x446"}) {
      url
    }
  }
}

fragment photoGalleryDialogContent on Content {
  __isContent: __typename
  __typename
  ...contentShareWidgetContent
}

fragment photoGalleryWidgetContent on Content {
  __isContent: __typename
  ...photoGalleryDialogContent
}

fragment scmpYoutubeContent on Content {
  __isContent: __typename
  entityId
  urlAlias
  publishedDate
}

fragment sponsorTagSponsor on Sponsor {
  name
  type
  images {
    url
  }
}


sections

types

disableOffPlatformContent

sponsorType

published

headline

socialHeadline

authors

images

publishedDate

updatedDate

summary

subHeadline

keywords

topics

readingTime

authorLocations

entityUuid

Bloomberg

A Vietnam-based hacking group is learning from China’s playbook, using increasingly sophisticated cyberattacks to spy on competitors and help Vietnam catch up to global competitors, according to cybersecurity experts.
In the last two years, the group, which is believed to be tied to the Vietnamese government and known as APT32, has ramped up its cyber espionage, particularly in Southeast Asia, according to the cybersecurity firm CrowdStrike. The hacking group’s exploits have included intellectual property theft, the firm said, the same activity for which Chinese hackers are infamous.
The automotive industry has been a key target for APT32, according to multiple experts. For example, APT32 created fake domains for Toyota and Hyundai in an attempt to infiltrate the automakers’ networks, according to a researcher familiar with the matter who requested anonymity discussing companies. In March, Toyota discovered it was targeted in Vietnam and Thailand and through a subsidiary – Toyota Tokyo Sales Holdings – in Japan, according to spokesman Brian Lyons. A Toyota official, who requested anonymity discussing the hacking group, confirmed that APT32 was responsible.
North Korean cyberwarfare: as big a threat as its nuclear weapons?
Vietnam has also targeted American businesses relevant to Vietnam’s economy, including the consumer products industry, for years, according to experts.
“What’s changed more recently, and this is consistent with broader trends in the cyber threat actor landscape, is that they are getting better and better at it,” said Andrew Grotto, a fellow at Stanford University who served as the senior director for cybersecurity policy on the National Security Council from late 2015 to mid-2017. “They’re becoming more adept at developing their own tools, while at the same time tapping the global malware market for commercial tools.”
The uptick in Vietnam’s economic espionage activity, which began in 2012 and has spiked since 2018 according to CrowdStrike, comes as the Trump administration seeks to curb what many believe has been rampant intellectual property theft by China – former National Security Agency Director Keith Alexander, who served under presidents Barack Obama and George W. Bush, has called it the “greatest transfer of wealth in history”.
The Vietnamese hackers have emulated some of China’s cyber methods, albeit on a significantly smaller scale, the experts said.


Vietnamese government hackers have likely “seen how successful the Chinese have been at building cyber espionage capabilities and cyber surveillance capabilities” according to Eric Rosenbach, co-director of the Belfer Centre for Science and International Affairs at the Harvard Kennedy School and a former assistant secretary of defence for global security under Obama. As a result, they may be building out or purchasing their own capabilities “either for economic interests or outright theft of intellectual property”, he said.
The Vietnamese foreign ministry and Vietnamese embassy in Washington didn’t respond to requests for comment. A government spokeswoman previously said allegations that state-aligned hackers targeted foreign carmakers were “unfounded.” A representative for the US State Department declined to comment on allegations about economic espionage by Vietnam.
What’s changed more recently ... is that they are getting better and better at it
Andrew Grotto, cybersecurity expert
A Hyundai representative didn’t comment on whether it had been targeted by the Vietnamese hacking group, but said that the company “promptly detects and responds to the events of its IT securities.”
Vietnam is part of a growing group of countries – outside of major cyber players such as Russia and China – that are developing and buying cyber capabilities, according former government officials.
“One of the trends that we tracked when I was in the White House was both the broadening of the number of countries that had active cyber programmes,” said Michael Daniel, who served as the cybersecurity coordinator on the National Security Council under Obama and is now president and chief executive officer of the non-profit group Cyber Threat Alliance. “The ones that have been investing in cyber like Vietnam are continuing to grow in capability.”
Cybersecurity experts offered different, and sometimes conflicting, reasons to explain the hacking group’s activities, from stealing intellectual property to improve Vietnamese products to gaining a competitive edge in negotiations to ensuring foreign corporations are complying with national regulations.
The cybersecurity firm FireEye has been tracking APT32 – which is also known as Ocean Lotus and Ocean Buffalo – since 2012, according to Nick Carr, a director at the firm. In 2017, his team investigated a series of hacks in the US, Germany and multiple countries in Asia and found that the group had spent at least three years targeting foreign governments, journalists, dissidents and “foreign corporations with a vested interest in Vietnam’s manufacturing, consumer products and hospitality sectors”.
Data of 100,000 Singapore defence personnel possibly ‘compromised’
“APT32 leverages a unique suite of fully featured malware, in conjunction with commercially available tools, to conduct targeted operations that are aligned with Vietnamese state interests,” FireEye reported.
Ongoing tactics by APT32 appear to include registering domains that resemble car companies – a move which can precede phishing attacks, in which credentials are stolen by hackers in order to access internal networks, said John Hultquist, FireEye’s director of intelligence analysis.
“Most recently, we’ve seen suspected APT32 domain registration activity designed to resemble automotive firms,” Hultquist said. “This ongoing registration activity affirms APT32’s continuing interest in foreign automakers doing business in Vietnam.”
APT32 recently used Facebook to target individuals who are active in Vietnamese politics, according to the Slovakia-based cybersecurity firm Eset. In this attack, APT32 hackers sent Facebook messages, or Facebook pages, containing what appeared to be a photo album. When victims scrolled through the album, one of the many photos was in fact a malicious document that installed malware on the computer, said Marc-Etienne M. Léveillé, a researcher at the firm.
Australian government reportedly concealed Chinese hack on parliament
Targeting dissidents has been part of a broad surveillance campaign that has included hacking into websites popular with politically active citizens and then using those sites to track them and collect information, said Steven Adair, founder of the cybersecurity firm Volexity.
APT32 conducted “a very sophisticated and extremely widespread mass digital surveillance and attack campaign” targeting Asian countries, the media, groups associated with human rights and civil society as well as the Association of Southeast Asian Nations, Volexity reported.
While Vietnamese hacking of corporations appears to be on the rise, FireEye has seen a major decline in China’s IP theft against corporations – even as the US trade talks with China have emphasised negotiating an end to it.
“From China’s perspective, we’ve definitely seen a massive drop off of that,” said Hultquist of FireEye.
But Vietnam is at a significantly earlier stage in development and, like China did years ago, has turned to cyber espionage as a means of becoming more competitive, said Adam Meyers, CrowdStrike’s vice-president of intelligence.
“This is kind of like a mini-China story,” he said.

For more insights into China tech, sign up for our tech newsletters, subscribe to our award-winning Inside China Tech podcast, and download the comprehensive 2019 China Internet Report. Also roam China Tech City, an award-winning interactive digital map at our sister site Abacus.



How Vietnamese hackers are following China’s lead to steal intellectual property

The Vietnamese hackers have emulated some of China’s cyber methods, albeit on a significantly smaller scale. Photo: Reuters

News

Asia

Southeast Asia

Tech

Policy


Vietnam is part of a growing group of countries – separate to major players such as Russia and China – that are developing and buying cyber capabilities
Group known as APT32, believed to be linked to Vietnamese government, has targeted auto manufacturers, including Toyota and Hyundai



Group known as APT32, believed to be linked to Vietnamese government, has targeted auto manufacturers, including Toyota and Hyundai.


Computer hackers

Cybersecurity

Vietnam

Espionage

How Vietnamese hackers are following China’s lead to steal intellectual property

Vietnam is part of a growing group of countries – separate to major players such as Russia and China – that are developing and buying cyber capabilities Group known as APT32, believed to be linked to Vietnamese government, has targeted auto manufacturers, including Toyota and Hyundai

Vietnam is part of a growing group of countries – separate to major players such as Russia and China – that are developing and buying cyber capabilities

Group known as APT32, believed to be linked to Vietnamese government, has targeted auto manufacturers, including Toyota and Hyundai