Offensive Cyber Capabilities and Public Health Intelligence: Vietnam, APT32, and COVID-19

Recent Features

Flashpoints | Risk Intelligence | Security | Southeast Asia

Offensive Cyber Capabilities and Public Health Intelligence: Vietnam, APT32, and COVID-19

A suspected Vietnamese state-backed cyber campaign targeted Chinese health authorities.

Offensive Cyber Capabilities and Public Health Intelligence: Vietnam, APT32, and COVID-19
Credit: CC0 image via Pixabay

World governments have run the gamut in approaching the ongoing COVID-19 pandemic. Democracies and autocracies have shown mixed results, but they have tended to show some overlap in tactics. One report this week, however, highlights a particularly innovative tactic used by one non-democratic state to support its public health response.

According to cybersecurity firm FireEye, Vietnamese state-backed hackers “carried out intrusion campaigns against Chinese targets” between January and April this year. The purpose of the intrusions was to “collect intelligence on the COVID-19 crisis.”

The use of state-sanctioned offensive cyber activity for intelligence-gathering isn’t a particularly new practice, of course, but it would seem that this is the first notable case of a country using these capabilities to directly inform public health policy. The group, known as APT32 in the cybersecurity world, apparently targeted the “government of Wuhan province,” according to FireEye.

Part of the story here is no doubt explained by the broader skepticism among Vietnam’s political elites toward China. In recent years, ties between Hanoi and Beijing have nose-dived, primarily over the South China Sea, where both sides are territorial and maritime claimants.

Where Vietnam and China at the start of the last decade mostly were able to continue economic cooperation and maintain strong party-to-party ties between their ruling communist parties, Hanoi actively mistrusts Beijing today.

As a result, the original offensive cyber activity may have been informed by a default assumption in Hanoi that Chinese local and national authorities would seek to obscure the true nature of the COVID-19 crisis during the initial outbreak in Wuhan. Vietnam was also one of the first Asian countries to be hit with the 2003 SARS epidemic and learned lessons back then on just how far Chinese authorities could be trusted.

Where matters come full circle — and where part of the story remains obscured — is in the actual results that Vietnam has shown so far in its own fight against the pandemic. Reuters has a nice overview this week of how Hanoi has turned out to be one of the best performing countries at its wealth level, significantly outperforming some richer countries. Hanoi’s policy response — with robust testing and lockdown measures, among other steps  —matches best practices across Asia and the world. Its results — at least according to officially available data — seem to outperform, however.

It’s unclear if the APT32 intrusions may have usefully contributed to the Vietnamese government’s public health response. The group struck early, with FireEye citing evidence of an attempted intrusion as early as January 6, 2020 — long before the Wuhan outbreak reached crisis proportions. Back then, Vietnam had little way of knowing the possible costs that could befall its economy — and the world — should the virus get out of control. FireEye’s analysis also shows fairly rudimentary means used, suggesting that Vietnam was not compromising significant vulnerabilities that would be patched out, leaving its capabilities blunted for future use.