Vietnam-aligned hackers made a brazen attempt to breach the cybersecurity of prominent US lawmakers and journalists, as revealed by Amnesty International. These hackers utilized social media platforms such as X (formerly Twitter) and Facebook to disseminate spyware that aimed to infiltrate the phones of numerous high-profile targets, including members of the United States Congress, United Nations officials, and CNN journalists.
Among the specific targets were Democratic Senators Gary Peters and Chris Murphy, as well as Republican Congressman Michael McCaul, who serves as the House Foreign Affairs Chairman.
The hacking tool employed by these cybercriminals was designed to clandestinely collect call and text data from the compromised phones. While multiple CNN journalists covering East Asian affairs were targeted, the researchers at Amnesty International indicated that they were not aware of any successful infections resulting from this spyware campaign. Nevertheless, the audacious attempt to compromise influential lawmakers by distributing malicious links via a public platform raises significant concerns on Capitol Hill regarding the proliferation of commercial spyware.
The Amnesty report highlighted that an obscure account on the X platform actively distributed spyware-infested links to the hackers’ targets over a period spanning from February to June. The selection of these targets was strategic, as they possessed potentially valuable insights related to US policy toward Vietnam.
Amnesty International’s Donncha Ó Cearbhaill noted that this hacking attempt, conducted in plain view, was a bold and somewhat reckless use of sophisticated spyware. The European Investigative Collaborations (EIC) and The Washington Post first reported these findings. Ó Cearbhaill expressed high confidence in the links between the hackers and Vietnam, citing contract records reviewed by EIC and input from Google’s Threat Analysis Group.
This cyberattack adds to concerns about the proliferation of spyware worldwide, particularly following revelations of State Department employees in Africa being targeted with spyware developed by the Israeli firm NSO Group. In response, President Joe Biden issued an executive order in March, prohibiting US government agencies from using spyware that poses a threat to national security or is associated with human rights abuses.
In this specific case, Amnesty International identified the developer of the spyware as Cytrox, a firm based in North Macedonia and owned by Intellexa, a group of Europe-based companies. As a result of these revelations, the US Commerce Department added both Cytrox and Intellexa to its “Entity List” in July, restricting American companies from engaging in business with them without special approval. These findings underscore the urgent need for regulations on the export of such cyber tools, especially to nations with poor human rights records.