The Vietnamese authorities will probably be motivated to access and steal information from key sectors through commercial cyberespionage, but this is unlikely to be part of a systematic campaign, as the country's economy grows and transitions to become a digital economy.
This assessment was issued to clients of Dragonfly’s Security Intelligence & Analysis Service (SIAS) on 25 January 2023.
- Its state-sponsored cyber groups have in recent years seemingly pursued espionage campaigns against sectors that are vital to Vietnam’s economic growth strategy
- The greater and more pervasive cyberespionage threat to firms operating in Vietnam is likely to stem from the Chinese state, especially in sensitive sectors
Companies doing or considering business in Vietnam will probably become more exposed to commercial cyberespionage over the coming years. This is amid the country’s economic growth strategy and ongoing transition to become a digital economy. Vietnam has over the past several years seemingly conducted cyberespionage operations against several sectors, such as manufacturing and technology. But as it tries to seek to attract foreign investment, we doubt that it would engage in systematic physical or cyber espionage campaigns against foreign businesses that would undermine its overarching economic growth strategy.
Vietnam becoming a key economic player
Vietnam is becoming more important in global and regional supply chains and the economy. A driver of this has been the relocation and expansion of supply chains from China in recent years. This is amid US-China competition and the operational risks that stemmed from Covid-19 restrictions in China between 2020-22. Vietnam has also become one of the fastest-growing digital economies in the Asia Pacific region. Foreign direct investment has surged in Vietnam. This reached a record high of $22.4 billion in 2022, a 13.5% rise from 2021, according to government data cited in the Financial Times.
Vietnamese authorities likely to pursue commercial espionage
Vietnam appears to have the state’s cyber resources at its disposal to target multinational firms. In 2019, cybersecurity firms uncovered an aggressive hacking campaign against such businesses in the automotive industry, including BMW and Hyundai, by APT32 (also known as Ocean Lotus). This is an apparent Vietnamese state-sponsored cyber group. Cybersecurity firms such as Mandiant have documented cyberespionage campaigns by APT32 between 2014-17 against several corporations ‘with business interests in Vietnam’, including in banking, consumer products, manufacturing, media and technology.
We assess with moderate confidence that the authorities are probably interested in the sensitive information of entities in large and sensitive sectors that it plans to partially privatise. This includes banking and telecoms. According to open-source investment reports from 2022, the Vietnamese government plans to divest 141 state-owned enterprises up until 2025. Information that would be especially of interest to the authorities includes planning or marketing strategies, and prospective bidding documents.
Vietnam’s incentive to conduct commercial espionage operations will probably grow over the coming years. This is especially in sectors that facilitate its growth as a digital economy, as well as a key location for supply chains. A 2024 outlook report published by Asia House, an independent think tank, noted that Vietnam is likely to outperform its neighbours this year, and that its manufacturing and export industries have attracted significant inward investment. In our understanding, key sectors for Vietnam include manufacturing, technology and telecoms.
Developing cyber capabilities
Vietnam will probably develop its capabilities to conduct cyberespionage operations in the coming five years. We have previously assessed that Vietnam is one of the countries that is most likely to emerge as an offensive cyber power in the coming years, as shown in our Visual Analysis feature. This is based on several factors, which include the state’s capacity and workforce to develop its cyber capabilities, and established cyber operations it has conducted to date, notably those by APT32.
Operations unlikely to be systematic
Despite the cyberespionage threat that Vietnam poses, we doubt that the state would target commercial businesses in systematic campaigns. The country probably does not want to deter rising foreign investment into the country. But groups like APT32 have previously targeted those the state perceives as dissenters as well as activists and NGOs, including with spyware, according to news reporting and findings by cybersecurity firms in recent years. That is why we assess entities in the NGO sector, particularly those in human rights, are highly likely to face a pressing espionage threat from Vietnamese state agencies.
Chinese-state sponsored groups also pose a pervasive threat
China is very likely to pose a pervasive cyberespionage threat to domestic and foreign organisations operating in Vietnam. Its state-sponsored groups already pose a persistent threat to organisations globally, particularly in priority sectors for the state that it wants to achieve self-sufficiency in, such as in new materials or IT. Some of these sectors overlap with those Vietnam considers as its priorities, and is actively trying to obtain foreign investment. In our analysis, the Chinese state is also probably interested in information surrounding those companies expanding or relocating their supply chains away from China to Vietnam.
China’s digital influence in Vietnam would seem to enable it to intercept and access commercial information. Chinese telecom firms Huawei and ZTE operate in Vietnam, such as in 5G networks. Western governments have long accused China of exploiting these firms to further its espionage ambitions, though they have rarely provided specific details on how they do so. Chinese and Vietnamese officials in December 2023 reportedly discussed enhancing ‘digital interconnections’. Local press outlets speculated this would involve the development of optical fibre cables and data centres under China’s Digital Silk Road strategy.
Business competition in Vietnam will also present opportunities for competitor firms to conduct espionage, either digitally or physically. The technology and telecom sectors in Vietnam appear to have the greatest potential for such activity. There is a seeming precedent for this by Chinese firms in these sectors, albeit not in Vietnam. The US authorities in 2019 charged Huawei Device Co. and its US affiliate for the attempted theft of trade secrets in the early 2010s from a US telecoms firm ‘to gain unfair advantage in the global marketplace’.
Business travellers unlikely to be targeted
Our personal cyber risk level for Vietnam is severe, one of the highest in the Asia-Pacific region. Locals are already highly surveilled, and the risk level mainly reflects the record of state agencies there to surveil (and detain) or seize the devices of perceived dissidents such as bloggers and activists under national security concerns. We have not seen evidence that the state has targeted business travellers for commercial espionage, or corporate devices being stolen, or physically targeted for data theft, by state agencies in recent years.
Image: A member of the hacking group Red Hacker Alliance uses a website that monitors global cyberattacks on his computer at their office in Dongguan, China. Photo by Nicolas Asfouri/AFP via Getty Images.