A communication firm that powers a number of popular websites in Vietnam said Thursday it fell victim to a targeted attack which hackers had spent half a year preparing for and invested some half a million U.S. dollars into, according to media reports.
An initial investigation report suggests that the culprit behind the attack in mid-October is the infamous Sinh Tu Lenh (Life and Death Command) hacker group, local newswire VnExpress quoted VCCorp deputy general director Nguyen The Tan as telling reporters in Hanoi.
Sinh Tu Lenh is a group of anonymous hackers that attacked newswire VietNamNet in 2010 and targeted three other news websites last year, VnExpress said.
The hackers usually deface the websites, alter their content or make them completely inaccessible.
“We can say there is only one group behind these attacks as the hacking methods, tools and codes deployed are similar,” Tan said.
“There are not many hacker groups in Vietnam that are as skillful as Sinh Tu Lenh.”
Hanoi-based VCCorp, fully known as the Vietnam Communications Corporation, is known for its online content, e-commerce, and social media services.
Starting October 13, online newspapers including giadinh.net.vn, nld.com.vn and dantri.com.vn – which operate on technology powered by VCCorp – and newswires operated by the company such as soha.vn, cafeF.vn, vccorp.vn, kenh14.vn and genk.vn became inaccessible. They were accessible again two days later.
Tan confirmed to the media a week after the attack that the company’s Data Center, which consists of the software, human, Internet connection and data backup systems, had been compromised by sabotage.
“The attack was launched from malicious software that is as sophisticated as programs that are worth US$200,000 to $1 million on the global market,” Tan was quoted as saying at the Hanoi media meeting by local tech website ICTNews.
Tan said the malware was not written by an amateur hacker group or someone with hacking knowledge, but a professional organization.
“The attackers sent three to five people to watch over the VCCorp system for six months,” he said. “It is estimated that they invested some $500,000 in the campaign.”
The financial damage to VCCorp over the compromised websites has totaled up to VND30 billion ($1.41 million), according to ICTNews.
The malware allowed hackers to log keys struck on keyboards of VCCorp employees, take screenshots of their computers, activate webcams and remotely control their systems, according to VnExpress.
Hackers thus were able to steal confidential information from the company without needing to physically penetrate its office.
The malicious software has been unearthed by a group of Google researchers, and it is capable of attacking any website and computer systems in Vietnam, the VCCorp deputy chief warned.
Tan said the attackers are “professional cybercriminals that were hired to do the job,” adding that VCCorp’s partners could possibly be the real target of the hackers, according to ICTNews.
He added that the ability and skills of the Sinh Tu Lenh hackers are greatly improved, plus they are getting more dangerous.
“I can’t imagine how disastrous their attacks in the coming years will be,” he was quoted by ICTNews as saying.
VCCorp said they have identified some of the suspects behind the attack.
“Initial information shows that [one of them] is working for a company in Vietnam,” the deputy general director said.
C50, the cybercriminal police unit under the Vietnamese Ministry of Public Security, told Tuoi Tre (Youth) newspaper it is working with VCCorp and the Vietnam Computer Emergency Response Teams to study the malware used to attack the corporation.
“Although it is more an issue specifically related to VCCorp, we want everybody to know about the malware as it can target other firms and organizations in Vietnam,” Tan told Tuoi Tre.