Unidentified hackers have launched targeted attacks against computers used by officials of the Vietnamese Ministry of Natural Resources and Environment, an Internet security company said in a report on Friday.
In a blog post on its website, ESET, headquartered in Bratislava, Slovakia, details how the attackers targeted the government employees, how the malware behaved on the ministry’s computer systems, and how the attackers attempted to exfiltrate data.
The hackers sent a phishing email with a Microsoft Word document attached to all employees of the ministry, according to ESET.
As the ministry uses webmail to receive and send emails, the employees had to download the attachment to their computers instead of previewing it in a web browser. When they opened the file, the malware immediately infected their machines.
“The document exploits a vulnerability to drop one executable file, named ‘payload.exe,’ onto the computer,” the security company said.
Once executed, the malware will check to see whether Bach Khoa Anti-Virus (BKAV), a Vietnamese-made antivirus program mostly used by government agencies, is present. If BKAV is detected, the malware will neutralize its firewall to get deeper into the infected computers.
The malware also compromises the Windows Explorer application on the infected computers and secretly connects them to 188.8.131.52:443 in the U.S., or www.google.zzux.com:443, a server located in South Korea.
Hackers will then be able to remotely access the infected computers and steal data.
ESET said it is currently “unable to share any further intelligence about the perpetrators behind this campaign.”
“It is worth noting that any government’s environmental agency is going to have a great deal of confidential information of national economic and strategic concern,” it noted, referring to data such as maps, surveys, studies and reports of the country amid this time of high tension in the East Vietnam Sea.