Vietnam

Vietnam is seeking to take advantage of digital technology as a means to bolster economic growth and advance in the global value chain. With a still developing knowledge economy, Vietnam might not be a highly attractive target for cyber-enabled IP theft, but, as the country continues to witness significant growth in IP-intensive sectors, it could become lucrative prey for IP-related crimes in the medium to long term.

ASPI assesses

Vietnam

to be

Moderately vulnerable

to state-sponsored acts of cyber-enabled theft of IP.

Author

Nguyen The Phuong

Aerial View of the Ha Long Bay in Vietnam - Quang Nguyen Vinh

Key Facts

R&D Investments

USD $5.8 billion (2019)

Patent Applications

3,818 (2017)

Cybersecurity Agency

National Cyber Security Center

How at risk is

Vietnam

Vietnam maintains a growing knowledge economy that places it at risk of cyber-enabled IP theft, particularly as the government maintains an ambitious strategy focused on bolstering science, technology and innovation.

The 13th Congress of the Communist Party of Vietnam introduced the Social and Economic Development Strategy 2021–2030. This road map prioritises science, technology, innovation and digital transformation and has been implemented through a series of resolutions and decisions. IP-intensive industries, while still a small portion of the economy, are on the rise, particularly in the tech and manufacturing sectors. The digital economy has increased in value by 450% since 2015, and the number of digital enterprises nearly tripled from 2016 to 2020. Manufacturing and processing industries are also making strides, and segments such as electronics and pharmaceuticals have generated significant IP. Despite those developments, Vietnam’s R&D spending remains relatively low in comparison to its neighbours. While Vietnam is seeing a rapid growth in the internet economy, the adoption of Industry 4.0 technologies is still nascent in most sectors. Furthermore, there’s a shortage of qualified and skilled labour.

Vietnam's complex relationship with China, characterised both by deepening economic linkages and mutual distrust, places it at a higher risk of cyber-enabled IP theft. Vietnam is further at risk of cyber-enabled IP theft because it emerges as a more attractive destination for foreign capital, particularly as the US moves to relocate its supply chain away from China. Vietnam is increasingly regarded as an R&D hub for global tech giants, as companies such as Samsung and Qualcomm invest in research centres and collaborative education programs. However, the nation’s low number of highly skilled workers and limited participation in the high-tech supply chain make it susceptible to disruptions in bilateral relations with China or shifts in global political dynamics. Wary of Chinese espionage operations, Vietnam’s approach to ICT infrastructure development has prioritised independence from Chinese influence. Therefore, Hanoi invested in indigenous 5G technology and non-Chinese standards for digitalisation upgrades.

How prepared is

Vietnam

Despite the vulnerability of Vietnamese private entities to state-sponsored cyberattacks, Vietnam hasn’t identified cyber-enabled IP theft as a distinct cybersecurity threat. The country’s cybersecurity legal framework is anchored in the 2015 Law on Network Information Security and the 2018 Law on Cyber Security, which define cybercrimes and violations. While those laws establish governance structures, they have received criticism for potential threats to free speech and foreign investment due to strict data localisation regulations.

The Ministry of Information and Communications oversees network information security, while the Ministry of Public Security and the Ministry of Defence manage cybersecurity, coordinating with other ministries. The Ministry of Public Security and the Ministry of Defence are the two agencies that are mainly in charge of state management in cybersecurity, with the help and coordination of other agencies such as the Ministry of Information and Communications and the Government Cipher Committee. While the Ministry of Public Security oversees civilian cybercrimes, the Ministry of Defence established the Cyber Command in 2018 to deal with ‘peaceful revolution’ in cyberspace and cyberattacks from foreign sources. Twice a year, the two ministries hold briefings to review and reassess cooperative mechanisms in all aspects of national security, cybersecurity included.

Vietnam’s indirect efforts to protect against cyber-enabled IP theft are based on encouraging a culture of IP protection and building cybersecurity awareness. While IP violations continue to occur, the legal framework has been refined through amendments to the Law on Intellectual Property, aiming to bolster enforcement. However, businesses often overlook IP protection in favour of other concerns, such as product development and marketing, and information resources on IP are scarce, particularly for SMEs and start-ups.

National efforts to enforce cybersecurity continue to struggle with the country’s growing digital economy. The government has initiated awareness campaigns and educational programs to build public awareness and digital hygiene, with a focus on vulnerable groups such as children and teenagers. However, cybersecurity concerns among Vietnamese SMEs remain relatively low, driven by their perceptions of being unlikely targets and their limited resources. A 2021 Cisco survey showed that Vietnamese SMEs rank last in the Asia–Pacific in their concerns about cybersecurity (67%).

Vietnam is actively involved in regional cybersecurity efforts, participating in ASEAN-led initiatives since 2016. Vietnam has subscribed to the UN framework for responsible state behaviour in cyberspace and has taken steps to regulate data security, including data-storage requirements for technology firms operating in the country.

Reported cases of economic cyber-espionage

Name of Incident

Victims (entities)

Sectors Affected

Affected economies

Threat Actor

Alleged state sponsor

Date reported

ShadyRAT (APT1)

More than 70 companies and government entities around the world

Multiple, including government, IT, Media, Energy, Construction, Heavy Industry, Defense, Real Estate, NGO, Research

US (49 victims as of 2011), Canada (4), ROK (2), Taiwan (3), Japan (2), Switzerland (2), UK (2), Indonesia (1), Vietnam (1), Denmark (1), Singapore (1), Hong Kong (1), Germany (1), India (1)

APT1

China (suspected links with PLA Unit 71398)

2011/2013

Context

In 2013, Mandiant/Fireye discovered that APT1 has been conducting cyberespionage operations since 2006. The cyberespionage operation affected or targeted at least 141 organizations across 20 major industries – ranging from IT and Transporation to Engineering Services and Chemicals – primarily in English-speaking countries, including the U.S. (115 multinationals), India (3), Singapore (2). Possibly linked to the ShadyRAT campaign, which McAfee discovered in 2011, the campaign may have also affected India, Indonesia, Vietnam, Japan, Denmark, and Germany. Given that the largest targets of cyberespionage were private entities, it is very much possible that the APT has stolen vast amounts of commercial secrets that relate to multiple sets of economic sectors and industries.

The perpetrator was suspected to be APT1 and ShadyRAT, two possible sets of hacking groups that may have some affiliations with the Second Bureau of the Third Department of PLA’s General Staff Department.
‍
There was a rise in attacks after 2010. Of note, 13 out of 16 IT organizations attacked are from 2010-2012. Most incidents across the board also seem to occur after 2010. It may be closely tied to the 12th Five-Year Plan (2011-2015), which is a cyclical strategy document by the CPC leadership that steers the general direction of economic initiatives: namely next-generation information technology, high-end equipment manufacturing, alternative energy, and new materials. Fundamentally, in launch occurred not long after the 2006 National Medium- and Long-Term Plan For the Development of Science and Technology, China laid out its goals to reduce its dependence on the West for advanced technologies, and on the U.S. and Japan in particular.

Economic objectives

Assets stolen

Intellectual property, including sensitive business information.

Attribution

Mandiant; McAffee

Governments' response

The U.S. Department of Justice indicted five Chinese military officers associated with this hack.

Sources

Level of confidence

High Confidence (9 out of 12)

Private entities are a majority of known sectors targeted in the intrusion (2 points)
Commercial data are known to be the dominant targets of intrusion (3 points)
APT actor has some history of stealing IP and other commercially valuable data (2 points)
No concrete evidence that data stolen was used to aid domestic private businesses of malign state, but data stolen likely aligns with malign state's industrial policies (2 points)

2020-2021 Cyberespionage Campaign (APT41)

Banking/Finance, Civil Society, Construction, Defense Industrial Base, Government, Healthcare, High Technology, Higher Education, Legal, Manufacturing, Media, Non-profit, Oil & Gas, Petrochemical, Pharmaceutical, Real Estate, Research, Software development companies, Social Media, Telecommunications, Transportation, Travel, and Utility

1. Finance 2. Construction Services 3. Defense 4. Public Administration 5. Medical and Other Health Care Services 6. Professional, Scientific and Technical Services 7. Computer System Design and Related Services 8. Tertiary Education 9. Manufacturing 10. Information Media and Telecommunications 11. Personal and Other Services 12. Oil and Gas Extraction 13. Basic Chemical and Chemical Product Manufacturing 14. Property Operators and Real Estate Services 15. Telecommunications Services 16. Transport, Postal and Warehousing 17. Administrative Services 18. Electricity, Gas, Water and Waste Services 19. Transport, Postal and Warehousing 20. Machinery and Equipment Manufacturing 21. Heavy and Civil Engineering Construction 22. Publishing

Australia, Canada, Denmark, Finland, France, India, Italy, Japan, Malaysia, Mexico, Philippines, Poland, Qatar, Saudi Arabia, Singapore, Sweden, Switzerland, UAE, UK and USA, Australia, Brazil, Chile, Hong Kong, India, Indonesia, Japan, Malaysia, Pakistan, Singapore, South Korea, Taiwan, Thailand, and Vietnam

APT41

China

2020, 2021

Context

From January 2020 until 2021, cybersecurity firms detected a massive cyberespionage campaign targeting private entities. These campaigns were conducted in three clusters. First, from January to March 2020, there was a broad campaign against 75 private entities in 20 countries, with a focus on industries ranging from petrochemicals to defense industrial base. Mandiant notes that while it’s unclear if APT41 scanned the Internet and attempted exploitation en masse or selected a subset of specific organizations to target, the victims appear to be more targeted in nature. The economies affected were Australia, Canada, Denmark, Finland, France, India, Italy, Japan, Malaysia, Mexico, Philippines, Poland, Qatar, Saudi Arabia, Singapore, Sweden, Switzerland, UAE, UK and USA.

Second, in September 2020, hackers associated with APT41 were charged by the U.S. Department of Justice in connection with computer intrusion campaigns against more than 100 victims globally, including in Indonesia, Malaysia, Thailand, and Vietnam. The entities affected were those that specialize in software development, manufacturers, telecommunications, non-profit, universities, and civil society organizations.

Third, from July 2020 until August 2021 (ongoing as of then), Trend Micro observed an espionage campaign against victims in India, m, Malaysia, Philippines, Taiwan, and Vietnam in the airline, computer hardware, automotive, infrastructure, publishing, media, and IT industries.

Economic objectives

Assets stolen

Sensitive business information, source codes, software codes signing certificates, and customer account data

Attribution

US Government, Mandiant; Trend Micro

Governments' response

In second incident, U.S. Department of Justice indicts seven individuals (two arrested, five remaining)

Sources

Level of confidence

High Confidence (9 out of 12)

Private entities are a majority of known sectors targeted in the intrusion (2 points)
Commercial data are likely to have been targeted (2 points)
APT actor is strongly associated with economic espionage operations, with motivations strongly tied to certain states’ industrial policy objectives (3 points)
No concrete evidence that data stolen was used to aid domestic private businesses of malign state, but data stolen likely aligns with malign state’s industrial policies (2 points)

Operation Diànxùn (Mustang Panda)

Telecom firms and institutes developing 5G technology

Telecommunications

Vietnam, Myanmar, U.S., Spain, Germany, Austria, Czechia, Ukraine, and China

Mustang Panda

Possibly China

2021

Context

Nicknamed Operation Diànxùn by the McAffee Advant Threat Research (ATR) Strategic Intelligence team, this cyberespionage campaign likely targeted people working in the telecommunications industry to access sensitive data and to spy on companies related to 5G technology. The first activity was observed to have taken place in August 2020, with several private entities suffering a cyber intrusion when the hackers leveraged a fake Huawei careers website to lure telecom employees and infect their systems with info stealers.

The McAfee ATR team holds with a moderate level of confidence that the motivation behind this specific campaign had to do with the banning of Chinese technology from the construction of telecoms network across the world. The countries outside of Southeast Asia – U.S., Spain, Germany, Austria, Czechia, and Ukraine – targeted were all signatories to a global security agreement for future 5G networks, highlighting concerns about equipment supplied by vendors that might be subject to state influence. Vietnam, meanwhile, is opting to avoid Huawei technology and instead moving to develop its own 5G technology.

McAfee ATR had attributed the hacking operations to two threat actors: RedDelta and Mustang Panda. Meanwhile, Mustang Panda has had a history of conducting cyberespionage operations on behalf of the Chinese state to steal information that align with China’s “Made in China 2025” goals and BRI plans. Thus, there is past precedence for their support in the pursuit of industrial goals.

Economic objectives

Assets stolen

Uncertain, possibly sensitive business information about 5G technology

Attribution

McAffee Advant Threat Research

Governments' response

None

Sources

Level of confidence

High Confidence (10 out of 12)

Private entities are either the sole or the primary targets of intrusion (3 points)
Commercial data are known to be the dominant targets of intrusion (3 points)
APT actor has some history of stealing IP and other commercially valuable data (2 points)
No concrete evidence that data stolen was used to aid domestic private businesses of malign state, but data stolen likely aligns with malign state's industrial policies (2 points)

Office

40 Macquarie Street
Barton ACT 2600

Contact

Ph: +61 2 6270 5100

E: enquiries@aspi.org.au

Explore

Home About Country Profiles Insights Media Case Repository