Security researchers are linking malware sent to anti-communist activists in Vietnam to controversial commercial spyware firm Hacking Team.
"It seems their govt bought such solution as toolset to be used against anti-communist activists as APT," the anti-malware activists said. The discovery shows how countries, particularly those with lesser financial and technical resources, might be trying to bridge the gap in their snooping capabilities using commercial tools.
"Maybe some day @FireEye @PaloAltoNtwks or @kaspersky will discover links between previously observed APT groups and HT," added Chaouki Bekrar, founder of controversial exploit broker firm Vupen, in what may well be a tongue-in-cheek remark. Hacking Team bought zero-days from Vupen, according to leaked emails.
Hacking Team, which markets offensive technology to the worldwide law enforcement and intelligence communities, has been put under the spotlight by a recent high-profile breach that resulted in the leak of 400 GB of confidential files and emails. A searchable archive of leaked emails set up by WikiLeaks in the wake of the megahack shows that the controversial Italian firm was involved in projects in Indonesia and Vietnam, among many other countries.
"Must dig [into] PoC in the HT dump on the Vietnam archive within 2012-2013 to be sure, but Shellcode + DLL injected payload looks theirs," @MalwareMustDie told El Reg via Twitter. "[T]he only way to proof is via dump data for Vietnam related support/projects. It's gotta be it. No-one sniffs Skype/MSN except RCS [Remote Control System]."
Hacking Team markets a product called Remote Control System that others describe as a remote access trojan for spies and law enforcement. ®