Researchers at cybersecurity company FireEye have identified an espionage group "aligned with Vietnamese state interests" as the perpetrators of cyberattacks dating back as far as 2013, according to a report released Sunday.
The group, dubbed APT 32 (advanced persistent threat 32), has targeted economic interests in the United States, Europe and Asia — including foreign companies with offices in Vietnam, as well as Vietnamese dissidents and media outlets.
APT 32 uses documents hiding malware installers using a method known as Active Mime macros. Once opened, those files install any of five pieces of malware that FireEye believes are proprietary to APT 32, dubbed Windshield, Soundbite, Phoreal, Beacon and Komprogo.
The targeted industries range from technology firms to consumer products.
FireEye has tied APT 32 to attacks going back to 2013, noting that reports from the Electronic Frontier Foundation of attacks targeting "journalists, activists, dissidents, and bloggers" bear similarities to the hacking group's methods. The earliest attack FireEye has first-hand knowledge of appeared to come in 2014, targeting "dissident activity among the Vietnamese diaspora in Southeast Asia."
"Also in 2014, APT32 carried out an intrusion against a Western country’s national legislature," the report reads.
The report contains internet addresses and malware identifiers security professionals can use to identify APT 32's attacks.