Hanoi Thief cyber attack campaign targets Vietnamese businesses - Photo: THU HANG
On December 4, Bkav Cyber Security Company warned that a Vietnamese enterprise had become a victim of a cyber attack campaign called Hanoi Thief from abroad that directly attacked Vietnamese enterprises.
Accordingly, a series of emails with fake job applications, attached with the file "Le Xuan Son CV.zip", were sent to large and small businesses in Vietnam.
Inside the compressed file is a shortcut file disguised as a job application, but actually contains the LotusHarvest virus, which collects saved password information, login cookies, and browsing history from Chrome, Edge browsers, etc. and sends it to the hacker's server.
According to Bkav experts, the shortcut file inside “Le Xuan Son CV.zip” is disguised under the PDF/PNG icon, making the recipient mistakenly think this is a normal CV file. With just one click, LotusHarvest is immediately activated and begins the process of infiltrating the system.
The worrying point in the attack campaign is that this sophisticated virus has the ability to hide deep and run on its own. LotusHarvest takes advantage of the library loading mechanism to maintain long-term control and access sensitive accounts and data, beyond the protection of conventional security measures.
Stolen data becomes the “key” for hackers to expand their penetration, deploy dangerous tools and turn businesses into targets for multi-layered attacks or extortion in the next stages.
Mr. Nguyen Dinh Thuy, a malware analyst at Bkav, said: “All signs show that the Hanoi Thief campaign was meticulously planned, directly targeting Vietnamese businesses.
Taking advantage of the recruitment department, which regularly receives applications from outside but is not fully equipped with cybersecurity awareness, hackers use fake files in the form of CVs or documents and can continuously transform into many different variations, making the risk of infection unpredictable.
Beware of documents received via email
Due to the dangerous nature of LotusHarvest and the Hanoi Thief campaign, users need to be extremely vigilant with documents received via email, as even a single mistake can “open the door” for hackers.
Businesses and organizations need to regularly organize periodic training for employees, raise awareness and vigilance against online fraud tricks. Internal monitoring systems need to be strengthened, especially monitoring unusual libraries or suspicious files.
The default tools on the operating system only meet the basic protection needs, completely incapable of fighting against modern malware and viruses that can hide, persist for a long time and penetrate deeply into the system. Therefore, it is necessary to install an email monitoring system and use licensed anti-virus software to be protected professionally.
Source: https://tuoitre.vn/canh-bao-chien-dich-tan-cong-mang-hanoi-thief-nham-vao-doanh-nghiep-viet-nam-2025120413552988.htm
![[Photo] Cat Ba - Green island paradise](/_next/image?url=https%3A%2F%2Fvphoto.vietnam.vn%2Fthumb%2F1200x675%2Fvietnam%2Fresource%2FIMAGE%2F2025%2F12%2F04%2F1764821844074_ndo_br_1-dcbthienduongxanh638-jpg.webp&w=3840&q=75)
![[VIMC 40 days of lightning speed] Da Nang Port: Unity - Lightning speed - Breakthrough to the finish line](https://vphoto.vietnam.vn/thumb/402x226/vietnam/resource/IMAGE/2025/12/04/1764833540882_cdn_4-12-25.jpeg)
Comment (0)