Explosive Revelations: Vietnam-backed Hackers Launch Audacious Cyberattack on Prominent US Lawmakers and Journalists
Vietnam-linked hackers targeted prominent figures like US lawmakers, CNN journalists, and UN officials, attempting to infiltrate their smartphones using social media platforms X and Facebook, according to Amnesty International
Amnesty International reported on Monday that hackers associated with Vietnam attempted to utilize social media platforms X and Facebook in order to implant spyware on the mobile devices of numerous prominent individuals. The targeted individuals included US lawmakers, United Nations officials, and CNN journalists. The hacking tool employed in this operation had the capability to extract call and text data from phones. Amnesty investigators revealed that the intended social media accounts for infiltration belonged to Democratic Senators Gary Peters and Chris Murphy, as well as Republican congressman and House Foreign Affairs Chairman Michael McCaul.
Multiple CNN journalists specializing in East Asian affairs were among the individuals who were targeted. A CNN spokesperson declined to provide any comment in this regard.
According to the researchers, no instances of successful infections using the spyware have been reported. However, the fact that influential lawmakers were targeted by simply tweeting at them will undoubtedly increase concerns on Capitol Hill regarding the widespread use of commercial spyware.
From February to June, Amnesty reported that an unknown account on X, previously known as Twitter, shared links containing spyware to the specific individuals targeted by the hackers. The individuals targeted held valuable information regarding US policy towards Vietnam. Despite spyware operators typically operating covertly, these hackers did not hesitate to utilize a public platform in order to entice their targets.
"It was an audacious and rather irresponsible approach to target individuals with highly advanced spyware," stated Donncha à Cearbhaill, the director of Amnesty International's Security Lab, in an interview with CNN.
The findings of Amnesty International were initially brought to light by the European Investigative Collaborations (EIC), a collection of over twelve news organizations, and later reported by the Washington Post.
Ó Cearbhaill informed CNN that he and his team of investigators have a high level of confidence in the connections between the hackers and Vietnam. This assertion is supported by contract records examined by the EIC, revealing a partnership between the Vietnamese government and a company associated with the spyware.
According to researchers from Google's Threat Analysis Group, who monitor state-sponsored hackers, it appears that the Twitter account responsible for distributing the spyware is located in Vietnam.
McCaul did not personally handle his social media accounts, which is why he was not exposed to the link, according to Leslie Shedd, a spokesperson for McCaul. Likewise, office staff members were not affected, Shedd confirmed.
A representative for Murphy reported to CNN that no one in their office clicked the link, as far as they know.
The Vietnamese embassy in Washington, DC, did not respond promptly to a comment request. A response to a comment request from a spokesperson for Peters was also not received promptly.
For years, the proliferation of spyware specifically created to breach mobile phones and pilfer their data has been well-documented by cybersecurity researchers and human rights activists. However, the matter gained increased attention in Washington this year when it was disclosed that approximately twelve State Department employees stationed in Africa were allegedly targeted by spyware developed by NSO Group, an Israeli company.
President Joe Biden issued an executive order in March, prohibiting US government agencies from utilizing spyware that is considered a risk to national security or has involvement in human rights violations. Amnesty claimed that Cytrox, a company based in North Macedonia and owned by Intellexa, a consortium of European companies, was responsible for developing the spyware.
Intellexa and Cytrox were added to the "Entities List" by the US Commerce Department in July. As a result, US companies are prohibited from conducting business with them without obtaining special approval. CNN was unable to obtain a comment from Intellexa or Cytrox.
"There is a clear pattern of these tools being exported from the EU to countries with abysmal human rights records," remarked à Cearbhaill from Amnesty International in a conversation with CNN. "What's even more alarming is that these tools are not only being used against journalists and human rights defenders but also against politicians and institutions that should be responsible for regulating these exports."
John Scott-Railton, a senior researcher at the University of Toronto's Citizen Lab, further confirmed the Commerce Department's regulation of the company by stating that these findings corroborate their concerns about the Intellexa spyware.
"Meanwhile, if European lawmakers wont bring consequences to reckless vendors, they need to get comfortable with being targeted," Scott-Railton told CNN.
