Vietnam tried to plant spyware on the phones of US politicians, report says

Sign up for the daily Inside Washington email for exclusive US coverage and analysis sent to your inbox

Get our free Inside Washington email

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy policy

A number of US officials including members of Congress were targeted by hackers working for Vietnam’s government during negotiations that led to the US-Vietnam Comprehensive Strategic Partnership, according to an analysis from several major news organisations.

A report published on Monday by The Washington Post which was jointly conducted with reporters from Mediapart and Der Spiegel detailed a wide-ranging phishing scheme carried out on the platform Twitter/X against targets including the Republican and Democratic chairs of the House and Senate Foreign Relations Committees, respectively, as well as a handful of reporters at CNN and a number of east Asia policy experts at Washington-based think tanks.

The scheme appeared to be engineered towards information-gathering as Vietnam’s government was involved in talks with the US that would later result in an agreement to strengthen economic ties between the US and Vietnam aimed at weakening China’s influence in the region. US companies are increasingly looking at Vietnam as an alternative manufacturing partner to China.

There’s no evidence that any of the individuals targeted by the malicious links, which would direct a user to a webpage upon which their device would begin downloading a sophisticated spyware program, actually fell victim to the attack.

Targeted individuals were spammed with the links in replies to tweets on the platform, but none of those identified by the Post and other media organisations even reported seeing the links at all. Twitter’s own internal software hides suspicious replies to some extent, though journalists investigating the anonymous account behind the postings were able to find them easily enough.

Experts at Google first noticed the malicious link campaign, according to the Post, and contacted the University of Toronto-based digital threat researchers at Citizen Lab in response. Upon examining the hack attempts, those researchers determined that the campaign was likely being carried out by an inexperienced hacking group.

The US State Department did not confirm knowledge of the hack to the Post, but somewhat cryptically noted that the agreement signed by President Joe Biden with Vietnam’s government would provide a forum to raise such issues.

US officials have been subject to more sophisticated hack attacks before, including in 2021 when the New York City subway system was hit by a cyberattack that affected some systems but appeared unable to breach crucial areas. That attack was linked by experts to the Chinese government.