Vietnam tersely rejected charges from Google that tens of thousands of Vietnamese-speaking PC users around the world were targeted by hackers.
The country’s Foreign Ministry published a statement on Saturday after fielding a question from the press about Google’s blog post, which was published on its online security blog on March 30.
“Such comments are groundless,” said Vietnamese Foreign Ministry spokesperson Nguyen Phuong Nga. “We have on many occasions clearly expounded our view on issues relating to access to and use of information and information technology, including the Internet. Vietnam law puts in place specific regulations against computer virus and malware as well as on information security and confidentiality.”
A Google security official, Neel Mehta, wrote that the company had discovered a type of malicious software that was disguised as Vietnamese keyboard language software. The software was used to spy on the owners of computers and to conduct distributed denial-of-service attacks “against blogs containing messages of political dissent.”
“Specifically, these attacks have tried to squelch opposition to bauxite mining efforts in Vietnam, an important and emotionally charged issue in the country,” Mehta wrote.
Following up on Google’s research, security vendor McAfee said the malware created a botnet whose command-and-control systems were located within IP (Internet Protocol) address blocks assigned to Vietnam.
“We believe that the perpetrators may have political motivations and may have some allegiance to the government of the Socialist Republic of Vietnam,” wrote McAfee CTO George Kurtz.
McAfee said the attacks do not appear to be related to Aurora, an extensive hacking network linked to China and outed by Google in January. The company two weeks ago defied Chinese law and stopped censoring its search results in China in protest. Google said that hackers targeted the Gmail accounts of human rights activists along with intellectual property of at least 20 other companies.
The Vietnamese malware purports to be the VPSKeys driver used to create accent marks in the right locations on Windows machines, according to McAfee. The code is less sophisticated than the malware used in the Aurora attacks, McAfee said.
On Tuesday, computer security researchers released a report on a new cyber-espionage network that once again targeted entities such as the Indian military, the Office of the Dalai Lama and the United Nations.
The Shadow network was traced to Chengdu, in China’s Sichuan province, where the perpetrators used a variety of social networking tools to control compromised computers. As of Tuesday, China’s National Computer Network Emergency Response Technical Team (CNCERT) said it had not been notified of the report by the researchers.