The cyberattacks on two major airports and the website of Vietnam Airlines last week were well planned and sophisticated, stemming from recent economic and political issues, a Vietnamese security association said on Monday.
On Friday afternoon, flight information and loudspeaker systems at international airports Noi Bai in Hanoi and Tan Son Nhat in Ho Chi Minh City were compromised, displaying offensive messages about Vietnam and the Philippines.
At the same time, the VIP membership databases of national carrier Vietnam Airlines was also stolen and leaked online.
The Chinese hacker group 1937cn is believed to be responsible for the attacks.
The hacking came amid a string of recent actions by China to oppose an international court ruling against Beijing’s groundless claims in the East Vietnam Sea. The July 12 ruling by the Permanent Court of Arbitration in The Hague denied China's sweeping claims in the strategic seaway, through which more than US$5 trillion in global trade passes each year. "There was no legal basis for China to claim historic rights to resources within the sea areas falling within the [so-called] 'nine-dash line'," the court said. The ruling is claimed as a victory by the Philippines, which explains why the messages left by the hackers target at both countries, as Vietnam is also at odds with China over the maritime region.
“At this time we can confirm that the cyberattack on Vietnam Airlines’ system is an advanced and persistent threat, which was deliberate, well-planned and began long before Friday,” the Vietnam Information Security Association (VNISA) said in a statement on Monday.
An advanced and persistent threat, or APT, is a network attack in which an unauthorized person gains access to a network and stays there undetected for a long period of time.
The intention of an APT attack is to steal data rather than causing damage to the network or organization.
Hackers usually employ a set of continuous computer hacking processes to launch an APT, usually targeting organizations or nations for business or political motives.
In the case of Vietnam Airlines, VNISA said there are signs showing that hackers may have penetrated the airline’s system as early as mid-2014.
“However, for the July 29 attack, the hackers used a brand new type of malware able to pass normal security tools, such as antivirus software,” the association said.
VNISA added that “traces of the hack do not provide enough evidence to identify who exactly the attackers are.”
“What we can say is that they have extensive knowledge of the ICT systems at the airports, including how the systems are structured and how the relevant pieces of equipment work,” the association said.
“And their goal is to take full control of the systems and neutralize all databases.”
VNISA is still working with other Internet security agencies to restore the affected systems and prepare defenses to avoid futher attacks.
Vietnam Airlines said its IT system had been thoroughly checked and returned to normal operation as of 6:00 pm on Monday.