There are signs of previous hacking attempts on the computer systems at two airports.
A Vietnamese cyber security organization said that computer systems at Vietnam’s two biggest airports had been targeted by Chinese hackers before the attack took place on July 29, going back as far as 2014.
The Vietnam Information Security Association (VNISA) made the statement on Monday as the government continues to investigate cyber attacks carried out by a hacking group known as 1937cn on Noi Bai and Tan Son Nhat airports last week.
VNISA said that there were signs of previous hacking attempts on the two airports in the mid-2014, but the an entirely new dedicated set of malware was used in the attacks last Friday.
The group allegedly took control of the speaker and display systems to broadcast information distorting Vietnam’s claims in the South China Sea (known in Vietnam as East Sea).
A day after the attack, 1937cn dismissed the accusations, saying they were unfounded, according to a statement on the group’s website.
Network security teams from multiple agencies have identified the malicious malware that was used to sabotage the systems. They also discovered how the hackers exploited and bypassed the security system long before initiating the attacks last week.
Independent security expert Nguyen Hong Phuc said the hackers had shared three internet links leading to files that contain personal data of over 400,000 members of Vietnam Airlines’ frequent fliers club, Golden Lotus.
According to Phuc, this information may have fallen into the hands of the hackers four days before the attack, as the accounts used to share them were created on July 25, 2016.
Nguyen Hai Tung, head of Vietnam Airlines’ IT department, said it had detected hacking attempts on the night of July 28 and issued a warning. Tung added that shortly after, the airline had taken measures to prevent the virus from spreading.
At around 4 p.m. on July 29, display screens at Noi Bai and Tan Son Nhat were taken over with messages insulting Vietnam and the Philippines regarding the South China Sea dispute, causing confusion and panic among passengers.
The speaker system at Noi Bai airport was also hijacked for a few minutes, during which time the speakers broadcast a male voice claiming the East Sea belongs to China in English.
Airport security forces soon regained control of the screens and speaker system.
The official website of Vietnam Airlines, was apparently hacked into by the same group at about 4 p.m. the same day. The website page was replaced by the picture that appeared on the airports’ screens. It returned to normal at 5:10 p.m., but the airlines’ customer database was stolen and made public on the internet, according to a press release from Vietnam Airlines.
Vietnam Airlines advised customers to change their account passwords, but later announced it will temporarily suspend online services.
The incident led to the delays of more than 100 flights; 64 from Tan Son Nhat and 30 from Noi Bai. Dozens of flights were delayed on Friday by 15 minutes to more than an hour, according to the Civil Aviation Authority of Vietnam.
As of May 2015, over 200 Vietnamese websites had been attacked by hacking groups from China, mostly 1937cn. According to security experts, 1937cn.net was established to provoke and attack Vietnamese websites.
1937cn is known as the most notorious hacking groups in China with over 40,000 attacks launched recently, according to Chinese hacker ranking site hack-cn.com.
On July 12, an international arbitration tribunal ruled in favor of the Philippines, rejecting China’s sweeping claim to large swaths of the South China Sea. China has dismissed the ruling as a “farce”.
In June of last year, amid territorial disputes in the South China Sea, 1937cn attacked the website of the University of Santo Tomas’ Museum of Arts and Sciences in the Philippines, leaving similar provocative messages.