Vietnamese APT Targeted Chinese Officials for COVID-19 Related Information

APT32: A new report indicated that a group of Vietnamese hackers began targeting Chinese officials in early January of this year. The group targeted officials in Wuhan and members of the national ministry of emergency management with a combination of spear-phishing and malware. The campaign targeted a small number of people within China, who were sent emails containing a tracking pixel that allowed the attackers to identify which recipients had opened the email; it also utilized the MetalJack malware, which is associated with APT32. The Vietnamese government has called the report “baseless” and stated that “Vietnam prohibits cyber-attacks against organizations and individuals in any form.”
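The tracking pixel mentioned above is a remote image, typically one pixel square or hidden by CSS, whose URL carries a per-recipient token so that fetching it tells the sender who opened the message. The following added example (not code from the report or from the campaign) shows how a mail gateway or analyst script can flag such beacons in an HTML body before images are loaded. The hostnames and the sample email are constructed for the example; the detection thresholds are assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


class _ImgCollector(HTMLParser):
    """Collect the attributes of every <img> tag in an HTML body."""

    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append(dict(attrs))


def _px(value):
    """Parse a plain number or 'Npx' dimension into a float; None if unparseable."""
    if value is None:
        return None
    m = re.match(r"\s*(\d+(?:\.\d+)?)\s*(px)?\s*$", str(value))
    return float(m.group(1)) if m else None


def _style_props(style):
    """Pull the width/height/display/visibility properties out of an inline style."""
    props = {}
    for prop, val in re.findall(r"(width|height|display|visibility)\s*:\s*([^;]+)", style or "", re.I):
        props[prop.lower()] = val.strip().lower()
    return props


def find_tracking_pixels(html_body, max_dim=2):
    """Return findings for remote <img> tags that look like read-receipt beacons.

    A beacon is flagged when it is fetched over HTTP(S) and is either tiny
    (width and height <= max_dim pixels) or hidden via inline CSS.
    Inline cid: attachments and data: URIs never phone home, so they are skipped.
    """
    parser = _ImgCollector()
    parser.feed(html_body)
    findings = []
    for attrs in parser.images:
        src = attrs.get("src") or ""
        parsed = urlparse(src)
        if parsed.scheme.lower() not in ("http", "https"):
            continue
        style = _style_props(attrs.get("style"))
        width = _px(attrs.get("width") or style.get("width"))
        height = _px(attrs.get("height") or style.get("height"))
        reasons = []
        if width is not None and height is not None and width <= max_dim and height <= max_dim:
            reasons.append("tiny dimensions")
        if style.get("display") == "none" or style.get("visibility") == "hidden":
            reasons.append("hidden")
        if reasons:
            findings.append({
                "src": src,
                "host": parsed.hostname,
                "reasons": reasons,
                # A query string is the usual place for the per-recipient identifier.
                "has_recipient_token": bool(parsed.query),
            })
    return findings


def beacon_hosts(findings):
    """Distinct hosts contacted by the flagged beacons, e.g. for an egress blocklist."""
    return sorted({f["host"] for f in findings if f["host"]})


# Constructed sample message: two beacons, one legitimate logo, one inline attachment.
SAMPLE_EMAIL_HTML = """
<html><body>
<p>Dear colleague, please see the attached guidance.</p>
<img src="https://mail-track.example/open.gif?rid=7f3a9c" width="1" height="1" border="0">
<img src="https://cdn.example/logo.png" width="120" height="40" alt="logo">
<img src="cid:image001.png@01D5" width="1" height="1">
<img src="https://mail-track.example/beacon.png" style="display:none;width:1px;height:1px">
</body></html>
"""

if __name__ == "__main__":
    for finding in find_tracking_pixels(SAMPLE_EMAIL_HTML):
        print(finding)
    print("hosts to block:", beacon_hosts(find_tracking_pixels(SAMPLE_EMAIL_HTML)))
```

Blocking remote image loading by default in the mail client defeats the beacon regardless of detection; this script is useful for triage, for deciding which hosts to sinkhole at the proxy, and for correlating which recipients were targeted.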

Analyst Notes

Given Vietnam’s close proximity to China, it is not surprising that it would take a special interest in obtaining information on COVID-19. Vietnam shares a border with China, making any public health concern in China a concern for Vietnam as well. Vietnam was one of the first nations to see COVID-19 spread from China, even after closing its borders and canceling all flights from China. Even though phishing campaigns have been around for a long time, they continue to be a successful tool for hackers at all levels of experience. While email filters are an extremely useful tool for catching many spam and phishing campaigns, they will never be foolproof: attackers regularly find newer and more inventive ways to ensure their phishing messages reach their targets. There is no substitute for education and good user security practices when it comes to combating phishing emails as a means of intrusion. Up-to-date training that teaches users to recognize phishing emails, combined with encouraging users to report to security whenever something doesn’t seem right or even feels questionable, is invaluable in defending against email-based campaigns. When employees are tricked into opening a malicious attachment or giving away passwords that allow remote access to company systems, monitoring endpoints for unusual activity and attacker behavior is the best way to quickly detect and stop attacks in their early stages. More information on this incident can be found at