cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Vietnamese spies attempt to plant spyware on US officials

US members of Congress and other officials were targeted by Vietnamese government spies attempting to plant spyware on their devices as part of a wider espionage campaign.

user icon Daniel Croft
Tue, 17 Oct 2023
Vietnamese spies attempt to plant spyware on US officials
expand image

Targets of the attack included Foreign Affairs Committee chairman Representative Michael McCaul (R-Tex.) and Foreign Relations Committee member and its Middle East subcommittee chair, Senator Chris Murphy (D-Conn.). Journalists from CNN and Washington experts on Asia were also targeted.

A joint probe into the incident by The Washington Post and other outlets found that the spies had used X (formerly known as Twitter) to persuade the targets to click links to websites that would, unknowing to the victim, download the Predator hacking software.

According to ExpressVPN, one installed Predator can bypass end-to-end encryption and access every photo, message, call, and password and can hide apps the threat actor doesn’t want being used. Additionally, it can take control of a device’s camera and microphone, making it ideal for espionage.


It can also add certificate authority to your device, which would fool it into trusting malicious sites and apps, which could result in more malware being installed.

The software is used by governments around the globe, with the developer Cytrox selling it as a commercial surveillance-for-hire tool.

It is believed that a network of organisations known as the Intellexa alliance, of which Cytrox is a part, sold the spyware to the Vietnamese government, according to Amnesty Security Lab head Donncha Ó Cearbhaill.

“Through all the evidence and documents we have seen, we believe that Predator was sold from Intellexa through several intermediaries to the Vietnamese Ministry of Public Security,” Cearbhaill told The Washington Post.

While there is no evidence to show that the devices were ever infected, the incident has received major publicity due to the way in which the Vietnamese spies attempted to lure in US officials with public social media posts.

“As a Predator customer is clearly in the process of learning in a painful way, exploiting across Twitter is a terrible idea,” said University of Toronto Citizen Lab researcher John Scott-Railton.

“The fact that would even happen proves Predator is still going to reckless operators.”

In light of the incident, secretary general for Amnesty International Agnès Callamard has called for a worldwide ban on invasive spyware like Predator.

“The Intellexa alliance, European-based developers of Predator and other surveillance products have done nothing to limit who is able to use this spyware and for what purpose,” said Callamard.

“Instead, they are lining their pockets and ignoring the serious human rights implications at stake.

“In the wake of this latest scandal, surely the only effective response is for states to impose an immediate worldwide ban on highly invasive spyware.”

The incident comes just as negotiations between the US and Vietnam on regional Chinese influence have flourished, with US President Joe Biden signing an agreement in Hanoi last month for the nations to work together to curb the threat.

As a result, the Vietnamese government would have a particular interest in US views of China and Asia.

The Washington Post reached out to Washington asking if it would bring up the incident with the Vietnamese government, but it received no answer.

The State Department did say that the agreement between the two nations would provide a platform for discussion and that the government was deeply concerned by the targeting of Congress members.

Despite the incident, the relationship between the US and Vietnam has improved dramatically since the two nations were at war, with the agreement signed by Biden last month a major step in the right direction.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

cd intro podcast

Introducing Cyber Daily, the new name for Cyber Security Connect

Click here to learn all about it
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.