Cybercrime,
Data Security,
Finance & Banking
Cybercrime Collective ShinyHunters Claims 160 Million Records Compromised
The central bank of Vietnam is investigating a cyberattack that targeted its credit reporting division, with implications for the personal data of millions. The cybercrime group ShinyHunters has claimed responsibility for this breach.
The State Bank of Vietnam reported that it first became aware of the incident on Wednesday, confirming that the breach was confined to its National Credit Information Center, a significant credit reporting entity. Initial assessments indicate that the attack involved unauthorized access aimed at capturing sensitive personal information, as stated by the Vietnam Cyber Emergency Response Center in a Thursday communication.
In light of the breach, VNCERT has warned that there will be consequences for any individual or organization that accesses or disseminates the stolen information without proper authorization. Financial institutions received a letter on Thursday linking the attack to ShinyHunters, which had previously targeted major companies like Google and Microsoft, according to reports from Reuters.
The authorities emphasized that the breach has not interfered with operations, stating that the credit information service system remains intact. Concurrently, the central bank sought to reassure the public regarding the security of IT systems across commercial banks, affirming that personal accounts and financial transactions continue to be protected.
The credit bureau, one of only four organizations authorized to supply credit information services in Vietnam, does not retain sensitive information such as bank account numbers or full transaction histories, as confirmed by local media. The government subsequently refuted claims suggesting that other sectors, including banking and energy, were also affected by varying breaches.
ShinyHunters Takes Responsibility
ShinyHunters first publicized details of the attack through a Telegram message on September 8, asserting that they accessed the entire database of the Credit Institute of Vietnam, totaling over 160 million records. This database reportedly included personally identifiable information (PII), as well as critical financial data. The group has begun marketing this stolen data on criminal forums, listing it at a price of $175,000.
The group communicated that they bypassed the bank’s defenses by exploiting a vulnerability in outdated software, which lacks available security patches. Notably, they indicated that they do not aim to ransom the data from the bank, presuming that it would be uninterested in payment. Given the nature of the stolen data, which includes comprehensive financial reports and government-issued IDs, the potential for misuse on the dark web remains high, with full identities often trading for substantial amounts, according to cybersecurity analysts.
As Vietnam’s population is estimated at 106 million, the reported volume of 160 million records suggests a retention of historical data or multiple records per individual. This incident follows a worrying trend of escalations in cyberattacks, including recent breaches targeting highly regarded organizations across a range of sectors.
The attack on Vietnam’s credit agency highlights various tactics from the MITRE ATT&CK framework that could have been employed, such as initial access through exploiting software vulnerabilities and persistence through maintaining unauthorized access within the network. As the investigation continues, industry observers remain skeptical about the group’s intentions, pondering whether they are merely regrouping amidst increasing law enforcement scrutiny.
