Hackers affiliated with the Vietnamese government allegedly tried to plant spyware on mobile devices belonging to United States politicians, including members of Congress, during negotiations that led to the U.S.-Vietnam Comprehensive Strategic Partnership.
The allegation comes after an analysis from several major news organizations detailing a wide-ranging phishing scheme that was carried out on platform X, formerly known as Twitter. Its targets included the Republican and Democratic chairs of the House and Senate Foreign Relations Committees, respectively.
Vietnam's Alleged Hacking Attempt
The efforts appeared to have been engineered towards information-gathering as Vietnam's government was involved in discussions with the US that would later result in an agreement to strengthen economic ties between Washington and Hanoi that sought to weaken China's influence in the region.
There was no evidence that any individuals targeted by the malicious links fell victim to the attack. The links would direct users to a webpage upon which their device would download a sophisticated spyware program, as per Independent.
The targeted individuals were spammed with the links in replies to tweets on the social media platform. However, none of those identified in reports even reported seeing the links, and X's internal software hides suspicious replies to some extent. But journalists who investigated the anonymous account behind the postings were able to find them easily enough.
Experts at Google initially noticed the malicious link campaign and contacted the University of Toronto-based digital threat researchers at Citizen Lab. After examining the attempted hacks, those researchers determined that the campaign was likely being carried out by an inexperienced hacking group.
Additionally, the US State Department did not confirm knowledge of the hack. Still, it somewhat cryptically noted that the agreement signed by President Joe Biden with the Vietnamese government would provide a forum to raise such issues.
Targeting US Politicians
The investigation into the situation found that Rep. Michael McCaul and Sens. John Hoeven, Chris Murphy, and Gary Peters were all tagged in posts earlier this year that featured malicious links to install Predator, which is a spyware that is similar to Pegasus, according to The Hill.
McCaul was allegedly targeted in the supposed hacking attempt in a reply to a tweet from Taiwan's Ministry of Foreign Affairs. Hoeven was supposedly targeted in a reply to a post from Taiwanese President Tsai Ing-wen about the senator's visit.
The chairman of the Senate Homeland Security Committee, Peters, and a member of the Senate Foreign Relations Committee, Murphy, were both tagged in a reply to a tweet from an Albanian politician regarding their visit to the Balkan nation.
The Predator spyware is a powerful and hard-to-detect surveillance program that can turn on the microphones and cameras of Apple iPhones and devices that run on Google's Android software. It can also retrieve all files and read private messages even when they are end-to-end encrypted.
The program is distributed by an evolving network that includes the European company Intellexa and a related firm, Cytrox. The two of these are those that the US Commerce Department in July added to its "Entity List," which is a designation that requires US businesses to seek a license before doing business with them, said the Washington Post.