A number of U.S. lawmakers, as well as United Nations (UN) officials and even journalists working for CNN, were reportedly the targets of a cyberattack conducted by Vietnamese hackers. The unidentified hackers reportedly attempted to employ spyware that could siphon off call and text data from the phones of Democratic Senators Gary Peters of Michigan and Chris Murphy of Connecticut, as well as Texas Republican Congressman and House Foreign Affairs Chairman Michael McCaul.
Multiple CNN reporters who cover East Asia were also targeted.
The hacking attempt was first disclosed by Amnesty International on Monday, and involved an account on X – the platform formerly known as Twitter – which blasted out spyware-laced links over the first half of the year. What is notable about this particular incident is that spyware operators typically work from the shadows, but here the hackers were far more direct.
“It was quite a brazen and somewhat reckless way to try target people with some quite sophisticated spyware,” Donncha Ó Cearbhaill, head of Amnesty International’s Security Lab, told CNN earlier this month.
The Latest High Profile Attack
It is also noteworthy that this attack, which was disclosed during Cybersecurity Awareness Month, targeted such high-profile individuals. It is suspected to have been an attempt to gain insight into U.S. policies toward Vietnam.
“It was a clumsy attack using sophisticated software. It’d be far more effective if the reverse were true, as the best hackers prefer a sophisticated attack using simple software to prevent detection, just powerful enough to gain the information they desire,” said John Young, a veteran cybersecurity and AI voice cloning expert.
“The Predator software had so many features enabled it would be hard NOT to spot,” Young told ClearanceJobs. “Was the attack really from Vietnam, or a third party posing as them to make the Vietnamese government look bad? This is another typical bad actor strategy, but it was never questioned, and I think it should be.”
It also remains largely unclear whether any of the targeted individuals were compromised in the attack.
“For the most part, Congressional office spokespersons from the intended targets didn’t make definitive statements about whether the attack was successful, or not,” Young added. “Their statements ranged from the fact they follow all government cybersecurity best practices, to no one clicked on the link, as far as they knew. Not a strong denial.”
Prime Targets
Young further warned that the massive layoffs at X last year almost certainly played a role. The social media platform has been largely gutted, and it is less able to prevent and stop such attacks – even those that may not be particularly sophisticated.
“I’d classify this attack as a ‘spray and pray’ attempt, and that’s why it was called clumsy by many sources,” Young continued.
Yet, it should still serve as a warning to clearance holders.
“High-profile individuals have access to sensitive or classified information, making them prime targets for espionage and cyberattacks,” said Emily Phelps, director of cybersecurity provider Cyware.
“Individuals who work with this type of material must exercise extreme caution,” Phelps told ClearanceJobs. “These adversaries are not only looking for financial opportunities but it appears they also seek strategic, political, or sensitive information. By distributing spyware across public platforms, the threat actors are weaponizing trusted online spaces that many assume are safe. They are counting on users having their guard down while visiting these sites. High profile individuals must maintain vigilance about digital security to avoid these evolving threat tactics.”
Changing Landscape
This attack also serves as an example of how threats can materialize from seemingly trusted platforms – or at least platforms that were once trusted.
“As the cyber threat landscape continues to evolve, individuals with clearances or access to confidential information must also continue to exercise extreme mindfulness due to the critical nature of their roles,” Al Martinek, customer threat analyst at penetration testing solution provider Horizon3.ai, explained to ClearanceJobs.
“The mishandling or stealing of sensitive data can compromise national security, corporate interests, or personal privacy,” added Martinek.
Carelessness or negligence may lead to data leaks, espionage, increased cyberattacks or worse. The threat can be magnified outside of the office.
“When traveling, it is even more critical to rigorously adhere to security protocols, guarding against social engineering tactics, and maintaining strict compartmentalization of information – data separation,” suggested Martinek. “Any moments of indiscretion or oversight can have far-reaching consequences, impacting not only their careers but the safety and well-being of your organization, co-workers, family members, and friends. Individuals with these responsibilities must maintain operational security and uphold unwavering vigilance.”
Finally, these attacks underscore the rising importance of collective defense and collaboration.
“Trusted organizations, individuals, and governments must work together and share intelligence to defend against such threats,” said Phelps.