Hackers targeted Chinese government over coronavirus response

Hackers tried to compromise the personal and professional email accounts of staff


Reuters April 22, 2020
Man poses in front of a display showing the word 'cyber' in binary code, in this picture illustration taken in Zenica. PHOTO: REUTERS

LONDON/WASHINGTON: Hackers working in support of the Vietnamese government have attempted to break into Chinese state organisations at the centre of Beijing’s effort to contain the coronavirus outbreak, US cybersecurity firm FireEye said on Wednesday.

FireEye said a hacking group known as APT32 had tried to compromise the personal and professional email accounts of staff at China’s Ministry of Emergency Management and the government of Wuhan, the Chinese city at the centre of the global coronavirus pandemic.

Investigators at FireEye and other cybersecurity firms have said they believe APT32 operates on behalf of the Vietnamese government. The group’s recent activity mirrors attempts by a host of state-backed hackers to compromise governments, businesses and health agencies in search of information about the new disease and attempts to combat it.

“These attacks speak to the virus being an intelligence priority - everyone is throwing everything they’ve got at it, and APT32 is what Vietnam has,” said Ben Read, senior manager for analysis at FireEye’s Mandiant threat intelligence unit.

The Vietnamese government did not respond to a request for comment. Messages sent to email addresses used by the hackers went unanswered.

The Cyberspace Administration of China (CAC), the Chinese Ministry of Emergency Management and the Wuhan city government did not immediately respond to faxed requests for comment.

Vietnam was quick to react to first reports of the new coronavirus, sealing off its border with neighbouring China and implementing an aggressive programme of contact tracing and quarantine measures that have kept cases of infection in the country below 300.

EXISTENTIAL THREAT

Adam Segal, a cybersecurity expert at the Council on Foreign Relations in New York, said the hacking activity suggested Hanoi also took swift action in cyberspace. The earliest hacking attempt identified by FireEye predated the first known international infection by a week, he said.

“It shows both a distrust about Chinese government announcements and a sense that when China sneezes, it is its neighbours that get the flu – in this case literally.”

FireEye said APT32 targeted a small group of people with emails that included tracking links to notify the hackers when they were opened. The attackers then planned to send further emails with malicious attachments containing a virus called METALJACK that would give them illicit access to their victims’ computers.

Marc-Étienne Léveillé, a researcher at Slovakia-based software security firm ESET, said APT32 had used the same malware in recent months to target other governments and commercial organisations in east Asia, as well as political activists and dissidents in Vietnam.

It is unclear if the intrusion attempts in China were successful but the attacks show that hackers ranging from cybercriminals to state-backed spies have had to quickly reorganise their operations in response to the coronavirus, said John Hultquist, senior director of analysis at Mandiant.

“This is precisely what we would expect. A crisis develops and there’s a shortage of information, so intelligence collectors are deployed,” he said.

“This crisis is of such extreme interest to every country on earth that it surpasses the intelligence necessities normally associated with armed conflict. It is absolutely existential.”
