Vietnamese Government Agents Attempted Spyware Campaign Targeting U.S. Officials and Experts

According to The Washington Post, vietnamese government agents launched a brazen campaign to plant spyware on the phones of members of Congress, American policy experts, and U.S. journalists. The campaign came to light through a forensic examination of links posted on Twitter and documents uncovered by a consortium of news outlets. Prominent figures, such as Rep. Michael McCaul and Sen. Chris Murphy, along with Asia experts and journalists, were among the targets.

This campaign took place during negotiations between Vietnamese and American diplomats for a cooperation agreement aimed at countering Chinese influence in the region. The espionage attempt coincided with increased interest in U.S. viewpoints on China and Asian affairs.

The State Department did not confirm whether it raised the issue with the Vietnamese government, but it noted that the agreement would provide a forum for such discussions. The investigation revealed that the spies used Twitter to try to induce targets to visit websites designed to install the Predator or/and Pegasus spyware, powerful surveillance programs capable of compromising phones.

Both Predator and Pegasus made it to the U.S. Commerce Department’s “Entity List” due to concerns about privacy and democratic norms and can be deployed in two ways: one where the target must click on a link, as in this case, and the other where no user interaction is needed. The latter method relies on exploiting security vulnerabilities that phone manufacturers have not yet discovered or patched with software updates. The hacking attempts followed extensive conversations and technology shipments between Vietnamese agencies and the spyware creators.

While none of the targets reported successful infections, the campaign highlighted the involvement of spyware in privacy breaches. The investigation also identified a new method of attacking phones.

Efforts to regulate high-end spyware are progressing more slowly than countries’ capabilities to wield it, raising concerns about the need for stronger oversight of the spyware industry.