Vietnam’s Connection to EU-Made Malware Exposes Spy Campaign

*October 9, 2023*

Amnesty International has released a report detailing a global spyware campaign that appears to be linked to Vietnam. The campaign targets officials, civil society members, and journalists around the world, using malware called Predator, which is made in the EU. The malware allows the perpetrators to control the camera and microphone of infected phones, effectively turning them into pocket spies.

The report reveals that a Vietnam-linked Twitter account, now X, attempted to infect the phones of numerous individuals and institutions, including overseas Vietnamese journalists, EU and US officials, and Taiwanese President Tsai Ing-wen. Predator, the malware used in the campaign, is marketed by an alliance of companies with French and Israeli connections and bases across Europe.

This revelation is reminiscent of the Pegasus spyware scandal caused by Israeli firm NSO in 2021. Like Pegasus, Predator has been sold to various governments, including those of Egypt, Qatar, the United Arab Emirates, and Pakistan. Additionally, news reports indicate that the malware was found on the phones of an Egyptian activist and a Greek journalist as far back as 2021.

### Alarming Implications for Human Rights

Amnesty International has stated that surveillance technology like Predator is fundamentally inconsistent with human rights. The organization’s advocacy officer, Katia Roux, urged the European Union (EU) to take immediate action, asserting that they are “completely failing” to regulate this sector. Amnesty is calling for a ban on this software and a moratorium on all other surveillance software.

The report suggests that the Vietnamese Ministry of Public Security purchased the malware in 2020 for 5.6 million euros ($5.9 million). Amnesty and French news outlet Mediapart, which broke the initial story in a joint investigation with Germany’s Spiegel magazine, believe that agents of the Vietnamese authorities, or individuals acting on their behalf, may be behind this spyware campaign.

While it remains unclear whether the campaign successfully infected any targets, its scope is concerning. According to Amnesty, more than 50 individuals and institutions were targeted between February and June of this year.

### Origins and Marketing of the Predator Malware

Predator was initially created by a North Macedonian firm called Cytrox, according to Amnesty’s report titled “The Predator Files: Caught in the Net.” The technology was later marketed by the Intellexa group, a “complex, morphing group of interconnected companies,” which was established by a former Israeli soldier and incorporated in Ireland. Intellexa subsequently formed an alliance with French umbrella group Nexa to market the spyware.

Spiegel has described this alliance as “one of the most mysterious and dangerous ventures in Europe.” The United States blacklisted both Cytrox and Intellexa in July, issuing a warning that their software posed a threat to the privacy and security of individuals and organizations worldwide.

### Editorial: Greater Regulation and Accountability Needed

This latest revelation highlights the urgent need for greater regulation and accountability in the surveillance technology sector. The fact that such powerful and invasive malware can be purchased by governments and entities with questionable human rights records is deeply concerning.

While surveillance technology can be beneficial in certain contexts, it must be strictly regulated to prevent abuse. Governments and international bodies must establish clear guidelines and standards to ensure the responsible and ethical use of such technologies. This includes stringent oversight of the entities involved in their development, marketing, and sale.

The EU, in particular, should take immediate action to address the inadequacies in its regulation of surveillance technology. The failure to do so not only jeopardizes the privacy and safety of individuals but also undermines the EU‘s commitment to upholding human rights and democratic principles.

### Advice: Protecting Yourself from Malware Attacks

In light of this recent spyware campaign, individuals must take steps to protect their devices and personal information from potential attacks. Here are some important measures to consider:

1. **Keep your software up to date**: Regularly update your device’s operating system and applications to ensure you have the latest security patches.

2. **Install reliable antivirus software**: Use reputable antivirus software that can detect and block malware.

3. **Avoid suspicious links and downloads**: Be cautious when clicking on links or downloading files from unfamiliar sources, as they may contain malware.

4. **Use strong and unique passwords**: Create strong, unique passwords for all your online accounts, and consider using a password manager to securely store them.

5. **Enable two-factor authentication**: Implement two-factor authentication whenever possible to add an extra layer of security to your accounts.

6. **Be vigilant against phishing attempts**: Be cautious of emails, messages, or calls that request sensitive information. Do not provide personal or financial details unless you are certain of the legitimacy of the request.

7. **Regularly back up your data**: Back up your important files and data regularly to protect against potential loss or damage from malware attacks.

8. **Educate yourself about cybersecurity best practices**: Stay informed about the latest cybersecurity threats and best practices to protect yourself and your devices.

By following these measures, individuals can significantly reduce the risk of falling victim to malware attacks and protect their privacy and security online.

As technology continues to evolve, it is crucial for individuals, governments, and international organizations to address the challenges and risks posed by malicious actors. Only through concerted efforts and responsible practices can we safeguard our digital lives and uphold the principles of privacy and human rights in the digital age.