Vietnam accused of Predator spyware attack on EU and US politicians

Awkward, seeing as the US and Vietnam just announced a refreshed relationship


Amnesty International has accused the government of Vietnam of acquiring the notorious Predator spyware and using it for nefarious ends – including attempts to infect US and European lawmakers.

The human rights org on Monday published a report titled "The Predator Files: Caught in the Net" that details the use of spyware and its impact on human rights.

Predator is the product of a group called Intellexa that has earned itself a place on the US's list of banned tech. Analysis of the spyware suggests that when present on an Android smartphone it can record audio and steal info from messaging apps – and do it after zero-click installs that leave users oblivious to its presence.

Amnesty International's assessment of Predator describes it as "highly invasive spyware that by default gains total access to all data stored or transmitted from the target's device, and which is designed to leave no traces on the target device, to render any independent audit of potential abuses impossible." The spyware can be installed with a zero-click attack or even by a foe in close proximity to a device.

The report suggests that one of Intellexa's clients is the government of Vietnam and details the activities of a defunct X/Twitter account that used the handle @JOSEPH_GORDON16. In Amnesty's telling, @JOSEPH_GORDON16 posted messages that bore links to Intellexa servers and which, if clicked, would likely have installed Predator.

Amnesty asserts the account targeted "a Berlin-based independent news website, political figures in the European Parliament, the European Commission, academic researchers, and think tanks. In addition to these, other attempted targets include United Nations officials, the president of Taiwan, United States senators and representatives, and other diplomatic authorities."

The report suggests "agents of the Vietnamese authorities, or persons acting on their behalf, may be behind the spyware campaign."

Which is quite something, given US president Joe Biden last month visited Vietnam and announced "a historic new phase of bilateral cooperation and friendship," plus a Comprehensive Strategic Partnership.

Erroneous exports

The report declares that spyware is incompatible with human rights and alleges that – despite regulations requiring approval before its export – authorities in some European nations have ignored those requirements. On other occasions, export controls "have been circumvented," allowing sales of Predator that should not have been allowed. Greece and France are named as nations that have allowed Predator sales to Madagascar and Sudan.

The report calls for all governments to recognize the human rights impact of spyware, and work harder to prevent its use.

Amnesty previously worked with journalism advocacy organization Forbidden Stories to allege widespread misuse of the Pegasus spyware. Amnesty claimed Pegasus was sold by an Israeli entity called the NSO Group, which promoted its zero-click install feature as just the thing for governments that needed to keep tabs on criminals or threats to national security.

NSO Group insisted it would only sell Pegasus to users who could prove the software would be deployed in legitimate law enforcement actions. Amnesty asserted that Pegasus had been widely used for other purposes, including snooping on heads of state, academics, diplomats, human rights advocates, and media figures.

NSO Group denied the allegations and stopped answering questions about its products and how they are used.

Intellexa also claimed to provide tools for law enforcement agencies and billed itself as EU-regulated before its website disappeared. Archived copies of intellexa.com reveal it claimed "Our cutting-edge technological platforms will help you to protect your communities from criminal activities, making them feel safer and more secure."

Amnesty believes the opposite is true. ®
