Vietnam Dissidents Hit in Botnet DDoS Attack

SecureWorks uncovered a new botnet targeting Vietnamese dissidents with distributed-denial-of-service attacks.

Hacktivism has appeared again in the cyber-world, this time starring dissidents in Vietnam.

According to SecureWorks, a new Trojan is being used to launch DDoS (distributed-denial-of-service) attacks against blogs and forums criticizing the Vietnamese Communist Party. Joe Stewart, SecureWorks' director of malware research, reported a botnet dubbed Vecebot is responsible for the attacks.

This is not the first time cyber-attacks have targeted dissidents in Vietnam. Earlier this year, controversy arose when Google and others reported finding a cyber-crime campaign focused on silencing criticism of a Chinese-backed mining operation. According to Stewart, there is evidence the same group is behind both attacks.

"Earlier this year, there were similar attacks against some of these same targets by another bot known as 'Vulcanbot'...One of the targets of both the Vulcanbot and Vecebot attacks is x-cafevn.org," Stewart wrote in his report on the attacks. "In addition to the DDoS attacks, there have been intrusions into the server that hosts x-cafevn.org and the computer of the administrator. The forum's user database and administrator's personal details (including personal e-mails) were posted to a Website by the pro-communist hacking group where the hackers claimed responsibility for the earlier 2010 hacks, as well as their reasoning and a message directed to what they consider to be 'reactionary' sites."

Vecebot was deployed just days before what was supposed to be the Oct. 19 prison release of a Vietnamese blogger known for criticizing the government, Stewart noted. This could be suggestive of a collaborative effort between the Vietnamese government and the author of the attack to stifle criticism, though there is no definitive proof, he wrote. The prisoner, whose real name is Nguyen Van Hai but who blogs under the name "Dieu Cay," was never released, according to media reports.

"We definitely think we will (see more of these types of attacks), as we are already seeing politically motivated DDoS attacks occurring right now against political sites in Brazil," Stewart said. "A Black Energy Botnet is being used to launch these attacks."