Vietnam-aligned hackers attempted to hack US lawmakers and journalists
Hackers aligned with Vietnam tried to use social media platforms X and Facebook to install spyware on the phones of dozens of high-profile targets, including US lawmakers, United Nations officials and CNN journalists, Amnesty International said Monday.
The powerful hacking tool – designed to siphon off call and text data from phones – was aimed at social media accounts affiliated with Democratic Sens. Gary Peters and Chris Murphy, and Republican congressman and House Foreign Affairs Chairman Michael McCaul, according to Amnesty investigators.
Multiple CNN journalists who cover East Asian affairs were also targeted. A CNN spokesperson declined to comment.
The researchers said they were unaware of any successful infections using the spyware. But the attempt to compromise powerful lawmakers simply by tweeting at them will raise further concerns on Capitol Hill about the proliferation of commercial spyware.
An obscure account on X, the platform formerly known as Twitter, blasted out spyware-laced links to targets of the hackers from February to June, according to Amnesty. The targets held potentially useful insights on US policy toward Vietnam.
Spyware operators normally operate in the shadows, but in this case the hackers had no qualms about trying to use a public platform to entice their targets.
“It was quite a brazen and somewhat reckless way to try target people with some quite sophisticated spyware,” Donncha Ó Cearbhaill, head of Amnesty International’s Security Lab, told CNN.
The European Investigative Collaborations (EIC), a network of over a dozen news outlets, and the Washington Post first reported on Amnesty’s findings.
Ó Cearbhaill told CNN he and his investigators are “very confident” in the links between the hackers and Vietnam, citing contract records reviewed by the EIC between the Vietnamese government and a company affiliated with the spyware.
Researchers with Google’s Threat Analysis Group, which tracks state-backed hackers, told CNN the Twitter account spreading the spyware appears to be based in Vietnam.
McCaul doesn’t manage his social media accounts and there was therefore not exposed to the link, said Leslie Shedd, a McCaul spokesperson. Office staffers were not affected, either, Shedd said.
An aide to Murphy told CNN: “To the best of our knowledge, no one in our office clicked the link.”
The Vietnamese embassy in Washington, DC, not immediately respond to a request for comment. A spokesperson for Peters did not immediately respond to a request for comment.
For years, cybersecurity researchers and human rights activists have documented the proliferation of spyware designed to break into mobile phones and steal their contents. But the issue gained greater traction in Washington this year following the revelation that about a dozen State Department employees serving in Africa were reportedly hacked with spyware developed by Israeli firm NSO Group.
President Joe Biden responded with an executive order in March banning US government agencies from using spyware that is deemed a threat to US national security or are implicated in human rights abuses.
In this case, Amnesty said the developer of the spyware was Cytrox, a North Macedonia-based firm that is owned by Intellexa, an umbrella of Europe-based companies.
The US Commerce Department added Cytrox and Intellexa its “Entities List” in July, which prevents US companies from doing business with them without special approval.
CNN could not reach Intellexa or Cytrox for comment.
“Clearly these tools are being exported from the EU to states with terrible human rights records,” Ó Cearbhaill, of Amnesty International, told CNN. “Then not only are they turned against journalists and human rights defenders, but also against politicians and institutions who should be meaningfully regulating these exports.”
John Scott-Railton, a senior researcher with the University of Toronto’s Citizen Lab, which also studied the Intellexa spyware, said the findings validate the Commerce Department’s regulation of the firm.
“Meanwhile, if European lawmakers won’t bring consequences to reckless vendors, they need to get comfortable with being targeted,” Scott-Railton told CNN.