A new family of Trojan Horse programs is being used to stifle political opposition to the Communist Party in Vietnam, according to an analysis by researchers at SecureWorks.
The Trojan, dubbed Vecebot, is a new family of malware and has been linked to distributed denial of service (DDoS) attacks against bloggers who have written critically of the ruling Communist Party and Chinese mining operations in the country, SecureWorks said.
The targets of the Vecebot botnet, estimated at between 20,000 and 30,000 hosts, include popular Vietnamese blogs and online forums, the analysis found. The release of Vecebot may have been coordinated with what was billed as “Vietnam Blogger Day” on October 19, a coordinated online civil action to celebrate the release of a blogger and political prisoner who used the name Dieu Cay, the SecureWorks analysis said.
If accurate, the analysis identifies what would be just the latest example of malware attacks that appear to have political, rather than strictly commercial objectives. The SecureWorks analysis points to connections between Vecebot and an earlier Trojan, Vulncanbot which also targeted anti-Communist Web sites in Vietnam with DDoS attacks and other targeted hacks. Domains used for the Vecebot command and control servers are similar to those used in the earlier, Vulcanbot attacks, according to a report by SecureWorks Counter Threat Unit.
Politically motivated hacking and malware has become a more prevalent in recent years. Well publicized incidents such as the GhostNet attacks on the Tibetan Government in Exile and the Aurora attacks on Western firms, including Google, seem to have clear, political objectives. At the same time, denial of service attacks have become a staple of cyber offensive strategy.
With scant evidence that Vecebot serves any criminal or commercial purposes, SecureWorks says it appears clear that the botnet was created to silence online critics of the Vietnamese political establishment.